How to Generate an OpenPGP Key with PrivateMail or Kleopatra
This article was written by guest tech blogger Peter Selmeczy.
In this guide we’ll show you how to generate an OpenPGP key in 4 quick and easy steps so you can start communicating securely instantly.
We’ll be showing you two different ways of doing this:
- Using PrivateMail
- Using Kleopatra
On top of this, we’ll also show you how to export keys to keyservers, and find the public keys of others.
Generate an OpenPGP Key Pair using PrivateMail
If you’re a PrivateMail user, then you can generate a private key by logging into your account here and following these steps.
- Once logged in, click Settings in the top right corner, and then select OpenPGP in the left-hand menu
- If you haven’t yet, enable OpenPGP by ticking the box and clicking Save
- Click Generate New Keys
- Select the email address you wish to generate the key for
- Enter the password for your keys (this doesn’t have to be your account password)
- Choose your preferred key length (4098 is more secure, but not necessary)
- Your keys are now ready and you can export, import, and generate new keys using the relevant buttons
Generate an OpenPGP Key Pair Locally
If you are not a PrivateMail user yet, you can also generate OpenPGP key pairs using a number of open source tools. We prefer Kleopatra, as it’s one of the most common ones. You can download Gpg4win for Windows and Kleopatra for Linux to get it. You can also find a list of supported software on the official OpenPGP website.
To generate an OpenPGP key pair using Gpg4win, follow these steps once you’ve installed it.
- Click “File” then “New Key Pair”
- In the creation wizard enter your name and email address (optional). In the advanced settings you can also change the key strength and a few additional options.
- Once you confirm the creation, enter and repeat your passphrase
- Once it’s created you’ll be able to back it up (recommended) and also share it with others.
Exporting Public Key to Directory Services
In this step, we’ll show you how to export your public key to a directory service. Unfortunately, PrivateMail doesn’t support this yet, so we’ll be using Gpg4win/Kleopatra.
If you created your key pair using the above steps, you’ll be able to immediately select “Upload Public Key To a Directory Service” to do so. However, we’re going to assume you’ll wish to share a previously created key.
- Import your certificate by clicking the Import button and finding your certificate file(s)
- Right click on your key, and click “Publish on Server”
- Your Key is now public
- If you click “Lookup on Server” you’ll be able to search for it, as well as others.
Optionally, you can also generate a revocation certificate. The reason for this is that once you make a certificate public, it will forever remain public. However, with a revocation certificate you’ll be able to declare it unused. Here are the steps to generate a revocation certificate in Kleopatra.
- Right click on your chosen certificate and click details
- When prompted, save the file in your chosen location, and enter your passphrase
- Edit the certificate in Notepad (or similar) to be able to use it
- In Kleopatra click Import
- Your certificate is now revoked
- If you go to “Lookup on Server” you will no longer be able to find the key.
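Kleopatra is a front end for GnuPG, so the generate, export and revoke steps above can be reproduced with the gpg command line. This is an added example, not part of the original article; it assumes GnuPG 2.2 or later, and the function name, the identity alice@example.org and the empty passphrase are constructed for the demo.

```shell
#!/bin/sh
# Added example: CLI equivalent of the Kleopatra steps, run in a throwaway
# keyring. The identity and the empty passphrase are constructed, demo only.
revocation_demo() (
  GNUPGHOME=$(mktemp -d) || exit 1
  export GNUPGHOME
  trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT
  email='alice@example.org'

  # 1. Generate the key pair (Kleopatra: File > New Key Pair).
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "Alice Example <$email>" "${1:-rsa3072}" default 1y \
      2>/dev/null || exit 1
  fpr=$(gpg --batch --with-colons --fingerprint --list-keys "$email" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }')

  # 2. Export the public key, the only part that is ever shared or published.
  gpg --batch --armor --export "$fpr" > "$GNUPGHOME/public.asc"

  # 3. GnuPG stores a ready-made revocation certificate at generation time.
  #    A colon is placed before its BEGIN line to prevent accidental use;
  #    removing it is the "edit in Notepad" step.
  sed 's/^:-----BEGIN/-----BEGIN/' "$GNUPGHOME/openpgp-revocs.d/$fpr.rev" \
      > "$GNUPGHOME/revoke.asc"

  # 4. Importing the edited certificate marks the key as revoked.
  gpg --batch --quiet --import "$GNUPGHOME/revoke.asc" 2>/dev/null || exit 1

  # 5. Field 2 of the "pub" record is the validity: "r" means revoked.
  gpg --batch --with-colons --list-keys "$fpr" 2>/dev/null |
      awk -F: '$1 == "pub" { print $2; exit }'
)
# Usage: revocation_demo   (prints r)
```

Publishing with `gpg --send-keys` is left out because it needs network access and uploads are permanent.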
What is the purpose of exporting your public key to the directory services server?
The purpose of exporting your public key is that it allows people to encrypt messages that they wish to send to you. Without it, any messages they send would be unencrypted. You are then able to decrypt the message using your private key. This is why it’s important to never share your private key with anyone else.
In Kleopatra you can use “Lookup on Server” to find all available public keys.