How to generate your own GnuPG key

GPG is software that is generally considered difficult to use because in the past it was typically used by tech-savvy people. However, in recent years, especially as privacy concerns have increased, GPG has become an easy-to-use piece of software for computer users of all levels. Now it’s even easier to create your own GPG key.

So what is a GPG key? How can you create one to encrypt your personal data?

What is a GPG key?

GPG is a free cryptographic tool. With GPG, you can perform operations such as encryption, signing, authentication, and building a network of trust using asymmetric and symmetric tools. Today, GPG is available in many different places, from securing GNU/Linux package distributions to email encryption.


A brief history of GPG

GPG began its software life as Pretty Good Privacy (PGP), written by Phil Zimmermann. PGP probably has one of the most inspiring stories in free software and freedom of knowledge.

The first version of PGP came to the world in 1991 when it was installed on Usenets, the most widespread Internet communication platform at that time. Various legal regulations at the time prohibited the importation of software that would work with keys greater than 40 bits wide, so Zimmermann and some of his friends distributed PGP via payphones and acoustic replicators.

PGP was not free software, but Zimmerman did not charge fees for non-commercial use. He also distributed the PGP source code with the software. Naturally, this drew the attention of the authorities, and Zimmermann was sued for violating the military export law. The company that owns the license rights to the RSA algorithm used by PGP was also involved.

Zimmermann had an idea for the free use of PGP. Although the export of cryptographic tools was blocked by law, the constitution’s free speech provision protected books published by private individuals. In this context, Zimmermann has published the complete PGP source code of the MIT publisher, along with an OCR-compliant font. In this way, the book was distributed under constitutional protection and those who wanted it could scan the book and access the PGP.

PGP was later developed as free software under the leadership of the Free Software Foundation, under the name GnuPG, according to the OpenPGP standard.

How to generate GPG keys

To use GPG, you must first have a GPG key and store it securely. GPG key generation varies depending on the hardware and operating system you are using. If your threat model is not particularly high and you only want to encrypt your basic correspondence for your own privacy, you can quickly and relatively securely generate GPG keys across all your devices using the methods below.

Generating a GPG key with Kleopatra for computers

For GNU/Linux distributions, there is a GnuPG client with a nice graphical interface. In this regard, Kleopatra, the key administrator of the KDE desktop environment, is particularly useful as it is cross-platform and offers the most extensive administration options.

Depending on the operating system you are using, you can install Kleopatra using the following commands:

For Debian/Ubuntu (APT):

sudo apt-get install kleopatra\n

For Red Hat/Fedora (RPM):

sudo yum install kleopatra\n

You can download the Gpg4win program for Microsoft Windows and install it on your system.

After the installation is complete, run Kleopatra as you wish.

Kleopatra has almost the same interface no matter what operating system you use. The screenshots below are of a Kleopatra installed on a Debian distribution; however, they should still be recognizable if you are using a different operating system.

When you open Kleopatra, you’ll see a screen like this:

welcome to cleopatra

To generate your first key, you can click on the Proceedings menu and use the New key pair option. Click Generate personal OpenPGP key pair from the dropdown menu and continue.

create personal pgp keys

Kleopatra will ask for your name and email address. You don’t have to provide precise information here, but GnuPG establishes people’s identities. This key means that people who know you trust you, so you can prove that the transactions you make with this key belong to you. For this reason, you must use real information. In any case, there is nothing preventing you from changing this information as you please.

johndoe email address key pairing

Click on advanced settings and you will see some technical data about your key. The “Wrench Material” section has the type and size of the wrench you will be using. It is important for the future of your key that you increase the RSA key size to the maximum of 4096 bits. Also, if you are going to SSH with your key, you can continue by checking the Authentication cash register. The validity period, on the other hand, ensures that your key becomes unusable after a certain date in case you lose it. When that date arrives, you will be able to renew your key again. It depends on your preference, but two or three years is ideal.

kleopatra technical details key

Click okay after making the settings. When you return to the “Enter Details” page, click the next button. When the “Review Parameters” page opens, click tTo create. Kleopatra will ask you for a password. This password is needed to encrypt her key and is responsible for the security of your entire key. That is why she must use a strong and unpredictable password.

After entering your password, the process may take a few minutes depending on the capabilities of your device and the source of randomness.

successful key creation

If you see the above screen, it means that you have created your key. At this stage, you can make a backup of your key.

If you want to use your key for email correspondence, you can send it to the key servers by clicking on Upload public key to directory service. That way, you can make sure that anyone can send you encrypted emails.

However, there is a very important detail that you should not forget. The keys that you upload to the key server will remain there forever. Do not send the key to the servers until you are sure you will use your key or have what it takes to revoke it. If you do not have the secret key, password, or revocation certificate, the keys on the server will remain valid until the expiration date.

How to generate a GPG key for Android devices

It is much easier to use GnuPG on Android operating systems. You can use the free OpenKeychain software for this. With this application, you can easily perform GnuPG operations and provide key management.

First of all, download the OpenKeychain software for Android mobile operating system and install it on your phone. OpenKeychain will give you some options for key usage. From here, proceed by selecting the create my key option.

create gpg keys

OpenKeychain will ask for your name or username. You don’t have to give your real name here. However, you may want to provide actual information to prove that the transactions you will perform with the key you create belong to you. However, you can change this information later.

In the next step, OpenKeychain will ask you to enter your email address. You can add or remove new addresses later if necessary.


Before generating your key, there is an option to Publish to keyservers at the stage where your name and email are displayed. If you are going to use your key for email correspondence, you can continue to check this option.

openkeychain keyservers page

But remember, the keys you upload to the keyserver will stay on the servers forever. Therefore, unless you have the secret key, password, or a revocation certificate to revoke your key, keys on the server will remain valid until their expiration date.

Now you can start creating your key by clicking on the create password button. After your device has performed the necessary operations, you will see your key on the main OpenKeychain page.

encrypt openkeychain gpg

Why should I generate my own GnuPG key?

Your conversations about your work, emails with banks, money transfers or the secret codes of the project you are working on are not secure. However, with methods like GnuPG, it is possible to protect all of this in the best possible way. You can encrypt as many files as you want with the GnuPG key you have created.

Leave a Comment