How to Generate and Use PGP Keys
In this article you will learn what a PGP key pair is, how to generate one, and how to copy and paste your PGP public key into a social media profile. Satoshi Nakamoto has one, Gavin Andresen has one (as do most bitcoin developers), and even Star Trek’s Wil Wheaton has one. Why? Signing a message with your PGP key lets recipients verify that it really came from you and not from an impostor, and when someone encrypts a message with your PGP public key, only you can read it.
A Quick Background on PGP
PGP stands for “Pretty Good Privacy” and is a method of encrypting and verifying digital information such as emails, text messages, and other documents. For instance, most darknet markets require that their members provide a PGP public key upon registration of their account in case sensitive messages need to be sent from one member to another. Encrypting such a message involves the sender using the public key of the recipient; the recipient then uses their private key to decrypt the message.
Thus, there are two keys generated during the PGP key creation process: public and private. The public key is the one you will want to share with others (hence the name “public key”); the private key stays with you. There are several different ways to generate PGP key pairs; in this article we will be using a program called Gpg4win and its key manager, Kleopatra.
Step-by-Step Instructions for Generating Your Own PGP Keys
1. First, visit the Gpg4win website to begin downloading the program.
While downloading gpg4win is free, you will be presented with a few different donation options to donate money or bitcoin to the developer. If you wish to bypass the donation process, simply click the big blue “$0” as a donation amount option to make the blue “Download” button appear beneath the donation text. Click it to begin downloading the program.
2. After the Gpg4win installer has finished downloading, double-click it to begin the installation process. After the installer opens, click “Next” to continue. You will be presented with a list of components to be installed. Note that the “GPA” option is unchecked by default. Check this option before clicking “Next” to proceed (the “Browser integration” option is not necessary to install).
3. The next screen will then ask you where you want the program to be installed. By default, the directory path should say C:\Program Files\Gpg4win. Install the program in the default Program Files folder option.
4. After the installation has finished, click “Next,” and then “Finish” with the “Run Kleopatra” box checked (it is checked by default). You will now be presented with the main screen of the Kleopatra program. From here, click the big “New Key Pair” box in the middle of the screen to generate your PGP keys.
5. You are then brought to the Key Pair Creation Wizard screen. Though the word “(optional)” is written next to both Name and Email fields, you will need to provide at least 5 characters in the Name field in order to generate a PGP key pair that can be connected to your online identity. For the purposes of creating PGP keys for online accounts, you do not need to use the same name as your accounts, but you can if you wish.
Note that a key pair is only valid for 2 years under the default option. You can increase or decrease the length of time for which your keys are valid by clicking on the “Advanced Settings” button and adjusting the Valid until field (uncheck the box next to the field if you want your keys to never expire). You do not need to adjust the other settings when creating PGP keys for basic purposes. After you have entered your PGP account name, press “Next” and then “Create” to generate your key pair.
6. You will then be asked to create a passphrase of at least 10 letters to secure your keys. Be sure to create a passphrase you won’t forget, and write it down somewhere in case you need it later. Without it, you will not be able to sign or decrypt future messages. After entering the same passphrase twice, click “OK” to continue.
7. After the key pair has been successfully created, press “Make a Backup Of Your Key Pair” under the words Next Steps.
Save the file in a folder you will remember (the file name will be a long string of characters; this is known as your “PGP fingerprint”). After the file has been saved, you will be brought back to the Key Pair Creation Wizard; press “Finish.”
8. You will then be brought back to the Kleopatra home screen which displays your newly created key pair name. To access your public key (the one you will be posting into your account or sharing with others), right-click the field with the key pair name and press “Details” at the bottom of the menu.
9. Next, press the “Export” button. This will bring up the contents of your public key.
10. Click anywhere in the box of text, select all (ctrl+a) and copy (ctrl+c) the entire contents. This is your PGP public key, and what you will be pasting for online verification purposes. Paste (ctrl+v) it into a text document and save it in a place where you will remember where it is.
That’s it. You’ve now created your own PGP public key.
Posting your Public PGP Key On the Internet
When you are ready, you can copy and paste your entire public key into the corresponding field on your social media (or other) account. It usually looks like this:
It is important to remember that your public key will always start with the words:
-----BEGIN PGP PUBLIC KEY BLOCK-----
And end with the words:
-----END PGP PUBLIC KEY BLOCK-----
It will look like this when filled in correctly:
After entering your public key, scroll down to the bottom of the screen and save your changes. Your PGP public key is now saved as part of your account profile and will be visible to the public.
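As an added example (not code from the article or from Gpg4win), the Python below checks whether a pasted armored block like the one above is structurally intact: it looks for the five-hyphen BEGIN/END lines, decodes the radix-64 body and recomputes the CRC-24 checksum on the final `=` line, so a key mangled by a text editor or by a smart-quote filter that turns the hyphens into dashes is caught before it is saved to a profile. It does no cryptography, and whether the key really belongs to its owner is still established by comparing fingerprints; the sample payload is constructed bytes, not a real key.

```python
# Added example, not code from the article or from Gpg4win/Kleopatra: structural
# checks for OpenPGP ASCII armor (RFC 4880 section 6). No cryptography happens
# here; gpg still verifies the key or signature. This only detects a mangled paste.
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB

def crc24(data: bytes) -> int:
    """CRC-24 of the decoded body, as specified in RFC 4880 section 6.1."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc = (crc << 1) ^ (CRC24_POLY if crc & 0x800000 else 0)
    return crc & 0xFFFFFF

def armor(data: bytes, kind: str = "PGP PUBLIC KEY BLOCK") -> str:
    """BEGIN line, blank line, 64-column radix-64 body, =CRC line, END line."""
    b64 = base64.b64encode(data).decode()
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {kind}-----", ""] + body
                     + ["=" + crc, f"-----END {kind}-----"])

def dearmor(text: str) -> tuple[str, bytes]:
    """Return (kind, raw packet bytes); raise ValueError describing the damage."""
    m = re.search(r"-----BEGIN (PGP [A-Z ]+)-----\n(.*?)\n-----END \1-----",
                  text.replace("\r\n", "\n"), re.S)
    if not m:
        raise ValueError("no matching BEGIN/END lines (check the dashes)")
    lines = m.group(2).split("\n")
    body = lines[lines.index("") + 1:] if "" in lines else lines  # drop armor headers
    if not body or not body[-1].startswith("="):
        raise ValueError("missing =CRC line: block truncated")
    data = base64.b64decode("".join(body[:-1]), validate=True)
    if crc24(data) != int.from_bytes(base64.b64decode(body[-1][1:]), "big"):
        raise ValueError("CRC-24 mismatch: body altered or truncated")
    return m.group(1), data

def is_intact(text: str) -> bool:
    """True when the block parses and its checksum matches (not a signature check)."""
    try:
        return bool(dearmor(text))
    except ValueError:
        return False

# Constructed sample payload (not real key material) so the file runs offline;
# a real export from step 10 above can be passed to is_intact() the same way.
SAMPLE_KEY = armor(bytes(range(48)))
```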
How to Sign Text Using your PGP Keys
Thanks to Kleopatra, the process is actually quite simple. To sign text using your PGP private key, copy the text you wish to sign to your clipboard. Then, under the Tools menu, go down to the Clipboard option and select OpenPGP-Sign.
Make sure you are signing with the correct certificate (account), click “OK” and then “Next.”
A message will appear that says “Signing succeeded.” Your signed text will now be available in your clipboard. It will look something like this, with the original text message in the top portion and the signed message underneath:
Now, others who have your PGP public key will be able to verify that your message indeed came from you and not from an impostor (provided they obtained your public key from a source they trust, such as your profile). You can also import other people’s public keys from text files into Kleopatra and verify their signatures using the Decrypt/Verify option in the File menu. The easiest way to do this is to drag and drop the text file containing the public key into Kleopatra and select the Import Certificates option. Then drag and drop the message to be verified, which must be signed with the PGP key you just imported, select Decrypt/Verify, and voilà, the message is verified.
Hello,
I followed all the instructions.
It always says not connected with GUI, or another Kleopatra is running, or wrong password.
Is there nobody who can look and help with what is wrong?
I live in the Netherlands
That’s odd – to be honest with you I’ve never encountered those errors. I just checked now and everything is connected on my end. If you have some sort of specialized internet connection – like if you are using a firewall or something – that may explain it. If you are using a Linux OS, that may explain it as well. Otherwise, my only suggestion is to look for a different version of Kleopatra.
How do I get a different version of Kleopatra?
The most recent version of Kleopatra for Windows can be found here:
https://www.gpg4win.org/download.html
Hello Gerard,
Send an email to [email protected] with your contact details (e.g. WhatsApp) and then we’ll arrange to meet up and I’ll help you.
Kind regards,
Sifu Ray
Under Advanced, which curve key is better, the RSA 4096? Also, if not, how do I get a bigger key than 4096 RSA?
If I were you I would just use the default settings. They are for all purposes unbreakable and it will be much easier for others to write encrypted messages using your pub key.
How do I decrypt my PGP public key?
You can’t decrypt the key itself, you can only decrypt messages encrypted using your PGP public key.
Right. But when it says “Please decrypt the following message with your private key and send the required code.”
What am I supposed to do with the string that begins with -----BEGIN PGP MESSAGE-----
and ends with
-----END PGP MESSAGE-----
You copy, paste and decrypt the entire thing.
-----BEGIN PGP MESSAGE-----
and
-----END PGP MESSAGE-----
and everything in-between.
Hi, I tried that but when I hit Decrypt/Verify it just kept saying no OpenPGP something… Sorry, I’ve been trying to do this for some time and when I finally think I got it, well, then… Idk, anyway, could you please help me, thanks.
Hi, please help. Where and how do I post my public PGP key on the internet? This is the part I don’t understand. It says post it on social media and gives a picture of what it’s supposed to look like. I haven’t seen anything like that and I’ve followed each and every direction. When it came to this part it said I would see a Corresponding Field to paste my public PGP key in. Where is the Corresponding Field page??? Anyone – please help.
Hi, this is for anyone out there that can answer my question. Please help. OK. My question is: after you drag and drop your public key, and then the reply is to Decrypt & Verify, so, when you open Kleopatra, where do you drag & drop the message to be decrypted?? Onto the Notepad?? Or the Clipboard?? Because in this they are 2 separate things. Again, anyone, please help!!