<page xmlns="http://projectmallard.org/1.0/" xmlns:its="http://www.w3.org/2005/11/its"
type="topic" id="mail-encryption-gpg-create-key">
<info>
<desc>Signing or encrypting messages via GPG/OpenPGP that you send.</desc>
<link type="guide" xref="mail-encryption#gpg"/>
<revision pkgversion="2.32.1" version="0.3" date="2012-02-18" status="final"/>
<credit type="author">
<name its:translate="no">Andre Klapper</name>
<email its:translate="no">ak-47@gmx.net</email>
</credit>
<credit type="author">
<name its:translate="no">Novell, Inc</name> <!-- Content partially from http://library.gnome.org/users/evolution/2.32/encryption.html.en#encryption-keygen -->
</credit>
<license>
<p>Creative Commons Share Alike 3.0</p>
</license>
</info>
<title>Creating a GPG key</title>
<note style="advanced"><p>These steps are very technical. For average users we recommend using the <link href="help:seahorse/index"><app>Seahorse</app> application</link> for managing GPG/OpenPGP keys.</p></note>
<!-- TODO:POST-3-2: Update and rewrite using Seahorse. Needs a complete rewrite once https://bugzilla.gnome.org/show_bug.cgi?id=508744 is fixed. -->
<p>Before you can get or send GPG encrypted mail, you need to generate your public and private keys with GPG.</p>
<steps>
<item><p>Open the <app>Terminal</app> application and enter <cmd>gpg --gen-key</cmd>.</p></item>
<item><p>Select an algorithm, then press Enter.</p></item>
<item><p>Select a key length, then press Enter.</p></item>
<item><p>Enter how long your key should be valid for.</p></item>
<item><p>Type your real name, then press Enter.</p></item>
<item><p>Type your email address, then press Enter.</p></item>
<item><p>(Optional) Type a comment, then press Enter.</p></item>
<item><p>Review your selected user ID. If it is correct, press O.</p></item>
<item><p>Type a passphrase, then press Enter.</p></item>
<item><p>Move your mouse randomly to generate the keys.</p></item>
</steps>
<p>After the keys are generated, you can view your key information by entering <cmd>gpg --list-keys</cmd>. You should see something similar to this: <code> /home/you/.gnupg/pubring.gpg ---------------------------- pub 1024D/32j38dk2 2001-06-20 you <you@example.com> sub 1024g/289sklj3 2011-06-20 [expires: 2012-11-14]</code></p>
<p>GPG creates one list, or keyring, for your public keys and one for your private keys. All the public keys you know are stored in the file <file>~/.gnupg/pubring.gpg</file>. If you want to give other people your key, send them that file.</p>
<p>If you want, you can upload your keys to a key server:</p>
<steps>
<item><p>Check your public key ID with <code>gpg --list-keys</code>. It is the string after <code>1024D</code> on the line beginning with <code>pub</code>. In the example above, it is <code>32j38dk2</code>.</p></item>
<item><p>Enter the command <cmd>gpg --send-keys --keyserver wwwkeys.pgp.net 32j38dk2</cmd>. Substitute your key ID for <code>32j38dk2</code>. You need your password to do this.</p></item>
</steps>
<p>Key servers store your public keys for you so that your friends can decrypt your messages. If you choose not to use a key server, you can manually send your public key, include it in your signature file, or put it on your own Web page. However, it is easier to publish a key once, and then let people download it from a central place when they want.</p>
<p>If you don't have a key to unlock or encrypt a message, you can set your encryption tool to look it up automatically. If it cannot find the key, an error message appears.</p>
</page>