Generating GPG Keys


Generating GPG Keys in the Browser on Files.com

You can generate a GPG/PGP key pair using your browser using the GPG Key Manager or while setting up automated encryption or decryption.

If you want to generate a key pair that can be used for multiple encryption or decryption folders then use the GPG Key Manager to generate the key pair. This method stores the private key within Files.com. The private key is encrypted while stored and cannot be accessed by Files.com employees.

Generating GPG Keys on Windows

The GPG app we will use for this tutorial is the Gpg4win app suite. You can learn about and download the app on the Gpg4win site. The installer will install an app called Kleopatra, which is a key management app that can be used to generate key pairs and to import private keys provided to you by others for the purpose of decrypting files.

Download and Install Gpg4win

Download and install Gpg4win from the official website: https://gpg4win.org/

Use the Kleopatra App to Generate a New GPG/PGP Key Pair

Open the Kleopatra certificate manager app from the Windows Start menu.

Select the File menu then select the New OpenPGP Key Pair menu item.

Follow the on-screen instructions and enter your name and email address.

Select the Protect the generated key with a passphrase option. (This is optional. You can leave this option unselected if you wish to have no passphrase to protect the private key.)

Select Advanced Settings... and make sure, under the Certificate Usage section, that both Signing and Encryption are selected.

Select OK to start the key generation process. If prompted, enter a strong passphrase to protect your private key.

Export the Public and Private Portions of the New Key Pair

Right-click on the newly created key and select Export... to export the public portion of the GPG/PGP key.

Right-click on the newly created key and select Backup Secret Keys... to export the private portion of the GPG/PGP key. If prompted, enter the passphrase for the key.

You can open and view the exported files using a text editor or viewer such as Notepad.

Your public key is the entire contents of the text that begins with: -----BEGIN PGP PUBLIC KEY BLOCK----- and ends with: -----END PGP PUBLIC KEY BLOCK-----

Your private key is the entire contents of the text that begins with: -----BEGIN PGP PRIVATE KEY BLOCK----- and ends with: -----END PGP PRIVATE KEY BLOCK-----

Extending the Expiration Date of a GPG/PGP Key on Windows

When a GPG/PGP Key expires, you can create a new key to replace it or you can extend the expiration date of the expired key.

If a key hasn't been compromised then extending the expiration date is typically a more acceptable alternative to generating a new key. If you generate a new key then you will need to inform all your counterparties that you have a new key. Your counterparties should delete your old key and start using your new key.

To extend the expiration date of a key, open the Kleopatra certificate manager app from the Windows Start menu and double-click the entry of the PGP Key to view its details.

Select the Change Expiry Date button, provide a new date, and save the changes.

Re-export the public and private portions of the updated key pair.

Import the updated portions into Files.com, replacing the previous version of the PGP Key.

Generating GPG Keys on macOS

The GPG app we will use for this tutorial is GPG Suite. You can learn about and download this toolset from the official GPG Tools site. Download and install the app just as you do any other app for macOS. The installer will install an app called GPG Keychain. Once installation is complete, you can launch the app from your Launchpad or double click it in your Applications folder.

GPG Keychain opens to a window showing a list of current keys (one will appear by default, created by the GPG Tools team - leave that there).

To generate a new key pair, click on the New key icon in the upper left corner of the window.

Fill in the information form and choose a strong password. Be sure to keep a record of the password in a safe place such as a password manager, as this will be required to decrypt files using this keypair. GPG Keychain will allow you to proceed with the key generation without using a password, but this is less secure.

When you have the form data entered, click the Generate Key button to finish the process.

To copy your public key, Select the key by name by clicking on it in the list view, then click the Export key icon in the upper left corner. GPG Keychain will prepare to export an .asc file containing your public key (you can also check the box to include the private or "secret" key if you need to provide that to another person).

  1. Select the key by name by clicking on it in the list view, then click the Export key icon in the upper left corner. GPG Keychain will prepare to export an .asc file containing your public key (you can also check the box to include the private or "secret" key if you need to provide that to another person).
  2. In the Save As window that appears, navigate to the location where you would like the exported .asc file to save.
  3. Click Save. You will see an acknowledgement that the keys were exported.
  4. Navigate to the location you chose to save the file.
  5. Select the file and open it with TextEdit or a similar text editor. You will see the public key (and the private/secret key below if you selected that option for the export).
  6. Copy the entire public key block. The copied key can now be pasted into the Public key field by an administrator when enabling GPG Encryption on a Files.com folder.

In the Save As window that appears, navigate to the location where you would like the exported .asc file to save. Click Save. You will see an acknowledgement that the keys were exported.

Navigate to the location you chose to save the file. Select the file and open it with TextEdit or a similar text editor. You will see the public key (and the private/secret key below if you selected that option for the export).

Copy the entire public key block. The copied key can now be pasted into the Public key field by an administrator when enabling GPG Encryption on a Files.com folder.

Extending the Expiration Date of a PGP Key on Mac

When a GPG/PGP Key expires, you can create a new key to replace it or you can extend the expiration date of the expired key.

If a key hasn't been compromised then extending the expiration date is typically a more acceptable alternative to generating a new key. If you generate a new key then you will need to inform all your counterparties that you have a new key. Your counterparties should delete your old key and start using your new key.

To extend the expiration date of a key, open the GPG Keychain app, double-click the entry of the PGP Key, and navigate to the Key tab.

Select the Change button next to the expiration date field, provide a new date, and save the changes.

Re-export the public and private portions of the updated key pair.

Import the updated portions into Files.com, replacing the previous version of the PGP Key.

Generating GPG Keys on Linux

This tutorial will show how to generate GPG keys using the GnuPG command line tools for Linux.

Run the command below from a terminal to install GnuPG.

On deb or apt based distributions (Debian, Ubuntu, Mint):

sudo apt install gnupg

On rpm or yum based distributions (Fedora, CentOS, RHEL):

sudo yum install gnupg

Generate a GPG Key Pair

Run this command to generate your GPG key pair:

gpg --full-generate-key

At the prompt, specify the kind of key you want, or press ENTER to accept the default (RSA and RSA).

When prompted, enter your desired key size. We recommend the maximum of 4096.

Next, specify how long the key should be valid for, or press ENTER to have the key never expire, and verify that your selections are correct.

When prompted, enter your real name, email address, and an optional comment if desired. Confirm your entries are correct by typing O (for Okay) and pressing ENTER.

Lastly, type a secure passphrase to protect your GPG key when prompted.

Your GPG key pair is now generated. Note your key ID from the output:

gpg: key 1655A54E2B4AD8A9 marked as ultimately trusted

In the example above, the GPG key ID is 1655A54E2B4AD8A9.

Copy Your GPG Public Key

Enter the command below to output your public key, replacing the example ID with your GPG key ID.

gpg --armor --export 1655A54E2B4AD8A9

Highlight and copy your GPG key, beginning with:

-----BEGIN PGP PUBLIC KEY BLOCK----- and ending with: -----END PGP PUBLIC KEY BLOCK-----

The copied key can now be pasted into the Public key field by an administrator when enabling GPG Encryption on a Files.com folder.

Extending the Expiration Date of a PGP Key on Linux

When a GPG/PGP Key expires, you can create a new key to replace it or you can extend the expiration date of the expired key.

If a key hasn't been compromised then extending the expiration date is typically a more acceptable alternative to generating a new key. If you generate a new key then you will need to inform all your counterparties that you have a new key. Your counterparties should delete your old key and start using your new key.

Run this command to extend the expiration date of your GPG key pair:

gpg --quick-set-expire <KEY_ID> <NEW_EPIRATION_DATE> <OPTIONAL_SUB_KEY_ID>

For example, using the Key ID from the example above, and an expiration date for the end of this century, the command would be:

gpg --quick-set-expire 1655A54E2B4AD8A9 2099-12-31 \*

Re-export the public and private portions of the updated key pair.

Import the updated portions into Files.com, replacing the previous version of the PGP Key.

Get Instant Access to Files.com

The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.

Start My Free Trial

©2024 Files.com. All right reserved

FILES.COM

  • Start My Free Trial
  • Pricing
  • Docs
  • API and SDKs
  • Contact

CONTACT & SUPPORT

support@files.com

(800) 286-8372

Monday–Friday

9am–8pm Eastern