Generating a New Key Pair

To exchange encrypted messages with other users, you must first generate your own key pair. One part of it—the public key—is distributed to your communication partners, who can then use it to encrypt the files or e-mail messages they send to you. The other part of the key pair—the private key—is used to decrypt the encrypted contents.

[Important]

The public key is intended for the public and should be distributed to all your communication partners. However, only you should have access to the private key. Do not grant other users access to this data.

Creating OpenPGP Keys

OpenPGP is a nonproprietary protocol, based on PGP, for encrypting e-mail using public key cryptography. It defines standard formats for encrypted messages, signatures, private keys and certificates for exchanging public keys.

  1. Click Computer > More Applications > Utilities > Passwords and Encryption Keys.

  2. Click Key > Create New Key.

  3. Select PGP Key, then click Continue.

  4. Specify your full name, e-mail address, and any additional information.

  5. (Optional) Click Advanced key options to specify the following advanced options for the key.

    Encryption Type:  Specifies the encryption algorithms used to generate your keys. DSA ElGamal is the recommended choice because it lets you encrypt, decrypt, sign, and verify as needed. Both DSA (sign only) and RSA (sign only) allow only signing.

    Key Strength:  Specifies the length of the key in bits. The longer the key, the more secure it is (provided a strong passphrase is used), but keep in mind that performing any operation with a longer key requires more time than it does with a shorter key. Acceptable values are between 1024 and 4096 bits. At least 2048 bits is recommended.

    Expiration Date:  Specifies the date at which the key will cease to be usable for performing encryption or signing operations. You will have to either change the expiration date or generate a new key or subkey after this amount of time passes. Sign your new key with your old one before it expires to preserve your trust status.

  6. Click Create to create the new key pair.

    The Passphrase for New PGP Key dialog box opens.

  7. Specify the passphrase twice for your new key, then click OK.

    When you specify a passphrase, use the same practices you use when you create a strong password. The main difference between a password and a passphrase is that spaces are valid characters in a passphrase.

Creating Secure Shell Keys

Secure Shell (SSH) is a method of logging in to a remote computer to execute commands on that machine. SSH keys are used in a key-based authentication system as an alternative to the default password authentication system. With key-based authentication, there is no need to manually type a password to authenticate.

  1. Click Computer > More Applications > Utilities > Passwords and Encryption Keys.

  2. Click Key > Create New Key.

  3. Select Secure Shell Key, then click Continue.

  4. Specify a description of what the key is to be used for.

    You can use your e-mail address or any other reminder.

  5. (Optional) Click Advanced key options to specify the following advanced options for the key.

    Encryption Type:  Specifies the encryption algorithms used to generate your keys. Select RSA to use the Rivest-Shamir-Adleman (RSA) algorithm to create the SSH key. This is the preferred and more secure choice. Select DSA to use the Digital Signature Algorithm (DSA) to create the SSH key.

    Key Strength:  Specifies the length of the key in bits. The longer the key, the more secure it is (provided a strong passphrase is used), but keep in mind that performing any operation with a longer key requires more time than it does with a shorter key. Acceptable values are between 1024 and 4096 bits. At least 2048 bits is recommended.

  6. Click Just Create Key to create the new key, or click Create and Set Up to create the key and set up another computer to use for authentication.

  7. Specify the passphrase for your new key, click OK, then repeat.

    When you specify a passphrase, use the same practices you use when you create a strong password. The main difference between a password and a passphrase is that spaces are valid characters in a passphrase.
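To check that existing SSH public keys meet the Key Strength recommendation above, the following added example (not part of the original guide) reads an OpenSSH public key line, such as the content of a .pub file, and reports its type and size in bits. The function names and the sample line builder are hypothetical; the sample modulus is constructed for the demonstration and is not a usable key.

```python
import base64

MIN_BITS = 2048  # minimum key strength recommended in this guide

def _fields(blob):
    """Split SSH wire-format data into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 4], "big")  # 4-byte big-endian length
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated key data")
        out.append(blob[pos:pos + n])
        pos += n
    return out

def key_strength(line):
    """Return (key type, size in bits) for one RSA or DSA public key line."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("not a public key line")
    fields = _fields(base64.b64decode(parts[1], validate=True))
    if len(fields) < 3:
        raise ValueError("key data has too few fields")
    ktype = fields[0].decode("ascii")
    if ktype != parts[0]:
        raise ValueError("key type label does not match key data")
    # RSA fields: type, e, n (size = n). DSA fields: type, p, q, g, y (size = p).
    index = {"ssh-rsa": 2, "ssh-dss": 1}.get(ktype)
    if index is None:
        raise ValueError("unsupported key type: " + ktype)
    return ktype, int.from_bytes(fields[index], "big").bit_length()

def meets_recommendation(line):
    return key_strength(line)[1] >= MIN_BITS

def _mpint(value):
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")  # leading zero keeps it positive
    return len(raw).to_bytes(4, "big") + raw

def constructed_rsa_line(bits):
    """Build a sample line with a made-up modulus (format demo only, not a real key)."""
    blob = (7).to_bytes(4, "big") + b"ssh-rsa" + _mpint(65537) + _mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        print(bits, meets_recommendation(constructed_rsa_line(bits)))
```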