Outlines how to generate a GnuPG key for use with Crypt_GPG.
Crypt_GPG does not yet support generating GnuPG keys. Generating a GnuPG key for use with Crypt_GPG is much the same as generating any other GnuPG key on a system.
Important: Though Crypt_GPG supports specifying the keyring to use, Crypt_GPG, by default, uses the keyring of the current user. If using Crypt_GPG with a webserver such as Apache, the current user is the Apache user and the key will need to be generated as the Apache user. To do this, run the gen-key command as:$ sudo -u apache gpg --gen-key
The following example walks through the process of generating a key that supports both encrypting and signing. First, run the command:
This will display the following copyright information and a list of available key types:
Select (1) DSA and Elgamal (default) to allow the generated key to both encrypt and sign data. This will generate a public-private key pair in the GPG keyring and prompt for the size of the encryption key:
Select the default value of 2048. Enter greater or fewer bits depending on how secure the encryption must be. The default value is considered safe for most applications. GnuPG then prompts for the time period over which the generated key will be valid:
Unless the key needs to expire after a certain time period (preventing subsequent decryption), a key that does not expire should be used. Next, enter the three parts of the key's user id. The first part of the user id is the real name of the person or organization that will use the key to sign or encrypt data. The second part is an email address and the third is a comment about the key. Both the email address and comment are optional:
After entering the primary user id of the new key, the passphrase must be selected. A secret passphrase is essential to securing encrypted data. Guessable passphrases will render encryption useless. For critical data such as credit card numbers, a non-dictionary word that is at least 8 characters long is recommended.
Following the passphrase, GnuPG will gather entropy for a period to ensure the generated key uses sutitably random numbers. When enough entropy is collected the key is generated and added to the keyring:
At this point the key is in the GnuPG keyring and ready to be used by Crypt_GPG.