How to Generate GPG Public / Private Key Pair (RSA / DSA / ElGamal)?

This post is meant to simplify the procedure for generating GNUPG keys on a Linux machine. In the example below, I am generating a 4096 bit RSA public private key pair.

Step 1. Initiate the generation process

gpg --gen-key

This initiates the generation process. You have to answer some questions to configure the needed key size and your details. For example, select from several kinds of keys available. If you do not know which one you need, the default 1 will do fine.

I usually select my key size to be 4096 bits which is quite strong. You can do the same or select a lower bit size. Next, select an expiration date for your key – I chose ’never'.

Step 2. Generate entropy

The program needs entropy, also known as randomness, to generate the keys. For this you need to type on the keyboard or move the mouse pointer or use disk. However, you may still have to wait a while before the keys are generated.

For this reason, I use rng-tools to generate randomness. First install ‘rng-tools’ by typing:

apt-get install rng-tools

Run the tool:

rngd -r /dev/urandom

The process of finding entropy should now conclude faster. On my system, it was almost instantaneous.

Step 3. Check ~/.gnupg to locate the keys

Once the keys are generated, they are usually stored in ~/.gnupg, a hidden gnupg directory in the home folder. You can check the location of keys by typing:

gpg -k

The key fingerprint can be obtained by:

gpg --fingerprint

Step 4. Export the public key to be shared with others

For others to be able to communicate with you, you need to share you public key. So move to the ~/.gnupg folder and export the public key:

gpg --armor --export email@host.com > pub_key.asc

ls should now show you a new file in the folder called pubkey.asc. Now cat will show you that this is the public key file.

Important!
Needless to say (but I’ll say it anyway), do not share your private key with anyone.