Generating GPG Keys

---

You can generate a GPG/PGP key pair using your browser using the GPG Key Manager or while setting up automated encryption or decryption.

If you want to generate a key pair that can be used for multiple encryption or decryption folders then use the GPG Key Manager to generate the key pair. This method stores the private key within Files.com. The private key is encrypted while stored and cannot be accessed by Files.com employees.

The GPG app we will use for this tutorial is the Gpg4win app suite. You can learn about and download the app on the Gpg4win site. The installer will install an app called Kleopatra, which is a key management app that can be used to generate key pairs and to import private keys provided to you by others for the purpose of decrypting files.

Download and install Gpg4win from the official website: https://gpg4win.org/

Open the Kleopatra certificate manager app from the Windows Start menu.

Select the File menu then select the New OpenPGP Key Pair menu item.

Follow the on-screen instructions and enter your name and email address.

Select the Protect the generated key with a passphrase option. (This is optional. You can leave this option unselected if you wish to have no passphrase to protect the private key.)

Select Advanced Settings... and make sure, under the Certificate Usage section, that both Signing and Encryption are selected.

Select OK to start the key generation process. If prompted, enter a strong passphrase to protect your private key.

Right-click on the newly created key and select Export... to export the public portion of the GPG/PGP key.

Right-click on the newly created key and select Backup Secret Keys... to export the private portion of the GPG/PGP key. If prompted, enter the passphrase for the key.

You can open and view the exported files using a text editor or viewer such as Notepad.

Your public key is the entire contents of the text that begins with: -----BEGIN PGP PUBLIC KEY BLOCK----- and ends with: -----END PGP PUBLIC KEY BLOCK-----

Your private key is the entire contents of the text that begins with: -----BEGIN PGP PRIVATE KEY BLOCK----- and ends with: -----END PGP PRIVATE KEY BLOCK-----

When a GPG/PGP Key expires, you can create a new key to replace it or you can extend the expiration date of the expired key.

If a key hasn't been compromised then extending the expiration date is typically a more acceptable alternative to generating a new key. If you generate a new key then you will need to inform all your counterparties that you have a new key. Your counterparties should delete your old key and start using your new key.

To extend the expiration date of a key, open the Kleopatra certificate manager app from the Windows Start menu and double-click the entry of the PGP Key to view its details.

Select the Change Expiry Date button, provide a new date, and save the changes.

Re-export the public and private portions of the updated key pair.

Import the updated portions into Files.com, replacing the previous version of the PGP Key.

The GPG app we will use for this tutorial is GPG Suite. You can learn about and download this toolset from the official GPG Tools site. Download and install the app just as you do any other app for macOS. The installer will install an app called GPG Keychain. Once installation is complete, you can launch the app from your Launchpad or double click it in your Applications folder.

GPG Keychain opens to a window showing a list of current keys (one will appear by default, created by the GPG Tools team - leave that there).

To generate a new key pair, click on the New key icon in the upper left corner of the window.

Fill in the information form and choose a strong password. Be sure to keep a record of the password in a safe place such as a password manager, as this will be required to decrypt files using this keypair. GPG Keychain will allow you to proceed with the key generation without using a password, but this is less secure.

When you have the form data entered, click the Generate Key button to finish the process.

To copy your public key, Select the key by name by clicking on it in the list view, then click the Export key icon in the upper left corner. GPG Keychain will prepare to export an .asc file containing your public key (you can also check the box to include the private or "secret" key if you need to provide that to another person).

1. Select the key by name by clicking on it in the list view, then click the Export key icon in the upper left corner. GPG Keychain will prepare to export an .asc file containing your public key (you can also check the box to include the private or "secret" key if you need to provide that to another person).
2. In the Save As window that appears, navigate to the location where you would like the exported .asc file to save.
3. Click Save. You will see an acknowledgement that the keys were exported.
4. Navigate to the location you chose to save the file.
5. Select the file and open it with TextEdit or a similar text editor. You will see the public key (and the private/secret key below if you selected that option for the export).
6. Copy the entire public key block. The copied key can now be pasted into the Public key field by an administrator when enabling GPG Encryption on a Files.com folder.

In the Save As window that appears, navigate to the location where you would like the exported .asc file to save. Click Save. You will see an acknowledgement that the keys were exported.

Navigate to the location you chose to save the file. Select the file and open it with TextEdit or a similar text editor. You will see the public key (and the private/secret key below if you selected that option for the export).

Copy the entire public key block. The copied key can now be pasted into the Public key field by an administrator when enabling GPG Encryption on a Files.com folder.

When a GPG/PGP Key expires, you can create a new key to replace it or you can extend the expiration date of the expired key.

If a key hasn't been compromised then extending the expiration date is typically a more acceptable alternative to generating a new key. If you generate a new key then you will need to inform all your counterparties that you have a new key. Your counterparties should delete your old key and start using your new key.

To extend the expiration date of a key, open the GPG Keychain app, double-click the entry of the PGP Key, and navigate to the Key tab.

Select the Change button next to the expiration date field, provide a new date, and save the changes.

Re-export the public and private portions of the updated key pair.

Import the updated portions into Files.com, replacing the previous version of the PGP Key.

This tutorial will show how to generate GPG keys using the GnuPG command line tools for Linux.

Run the command below from a terminal to install GnuPG.

On deb or apt based distributions (Debian, Ubuntu, Mint):

sudo apt install gnupg

On rpm or yum based distributions (Fedora, CentOS, RHEL):

sudo yum install gnupg

Run this command to generate your GPG key pair:

gpg --full-generate-key

At the prompt, specify the kind of key you want, or press ENTER to accept the default (RSA and RSA).

When prompted, enter your desired key size. We recommend the maximum of 4096.

Next, specify how long the key should be valid for, or press ENTER to have the key never expire, and verify that your selections are correct.

When prompted, enter your real name, email address, and an optional comment if desired. Confirm your entries are correct by typing O (for Okay) and pressing ENTER.

Lastly, type a secure passphrase to protect your GPG key when prompted.

Your GPG key pair is now generated. Note your key ID from the output:

gpg: key 1655A54E2B4AD8A9 marked as ultimately trusted

In the example above, the GPG key ID is 1655A54E2B4AD8A9.

Enter the command below to output your public key, replacing the example ID with your GPG key ID.

gpg --armor --export 1655A54E2B4AD8A9

Highlight and copy your GPG key, beginning with:

-----BEGIN PGP PUBLIC KEY BLOCK----- and ending with: -----END PGP PUBLIC KEY BLOCK-----

The copied key can now be pasted into the Public key field by an administrator when enabling GPG Encryption on a Files.com folder.

When a GPG/PGP Key expires, you can create a new key to replace it or you can extend the expiration date of the expired key.

If a key hasn't been compromised then extending the expiration date is typically a more acceptable alternative to generating a new key. If you generate a new key then you will need to inform all your counterparties that you have a new key. Your counterparties should delete your old key and start using your new key.

Run this command to extend the expiration date of your GPG key pair:

gpg --quick-set-expire <KEY_ID> <NEW_EPIRATION_DATE> <OPTIONAL_SUB_KEY_ID>

For example, using the Key ID from the example above, and an expiration date for the end of this century, the command would be:

gpg --quick-set-expire 1655A54E2B4AD8A9 2099-12-31 \*

Re-export the public and private portions of the updated key pair.

Import the updated portions into Files.com, replacing the previous version of the PGP Key.