Step 2.b Some important steps following creation
Upload your key to a keyserver
We will upload your key to a keyserver, so if someone wants to send you an encrypted message, they can download your public key from the Internet. There are multiple keyservers
that you can select from the menu when you upload, but they are all copies
of each other, so it doesn't matter which one you use. However, it sometimes
takes a few hours for them to match each other when a new key is uploaded.
# Copy your keyID gnupg --list-key [your@email] will list your public ("pub") key information, including your keyID, which is a unique list of numbers and letters. Copy this keyID, so you can use it in the following command.
# Upload your key to a server: gpg --send-key [keyID]
Export your key to a file
Use the following command to export your secret key so you can import it into your email client at the next step. To avoid getting your key compromised, store this in a safe place, and make sure that if it is transferred, it is done so in a trusted way. Exporting your keys can be done with the following commands:
$ gpg --export-secret-keys -a keyid > my_secret_key.asc
$ gpg --export -a keyid > my_public_key.asc
Generate a revocation certificate
Just in case you lose your key, or it gets compromised, you want to generate a certificate and choose to save it in a safe place on your computer for now (please refer to step 6.C for how to best store your revocation cerficate safely). This step is essential for your email self-defense, as you'll learn more about in Section
5.
# Copy your keyID gnupg --list-key [your@email] will list your public ("pub") key information, including your keyID, which is a unique list of numbers and letters. Copy this keyID, so you can use it in the following command.
# Upload your key to a server: gpg --output revoke.asc [keyID]
# It will prompt you to give a reason for revocation, we recommend to use 1 "key has been compromised"
# You don't have to fill in a reason, but you can, then press enter for an empty line, and comfirm your selection.
Troubleshooting
- My key doesn't seem to be working or I get a "permission denied".
- Like every other file or folder, gpg keys are subject to permissions. If these are not set correctly, your system may not be accepting your keys. You can follow the next steps to check, and update to the right permissions.
# Check your permissions: ls -l ~/.gnupg/*
# Set permissions to read, write, execute for only yourself, no others. This is the recommended permission for your folder, you can use the code
chmod 700 ~/.gnupg.
# Set permissions to read, write for only yourself, no others. This is the recommended permission for the keys inside your folder, you can use the code: chmod 600 ~/.gnupg/*.
If you have (for any reason) created your own folders inside ~/.gnupg, you must also additionally apply execute permissions to that folder. Folders require execution privileges to be opened. For more information on permissions, you can check out this detailed information guide.
- Don't see a solution to your problem?
- Please let us know on the feedback
page.
Advanced
- More about keyservers
- You can find some more keyserver information in this manual. The sks Web site
maintains a list of highly interconnected keyservers. You can also directly export
your key as a file on your computer.
- Transferring your keys
- Use the following commands to transfer your keys. To avoid getting your key compromised, store it in a safe place, and make sure that if it is transferred, it is done so in a trusted way. Importing and exporting a key can be done with the following commands:
$ gpg --export-secret-keys -a keyid > my_private_key.asc
$ gpg --export -a keyid > my_public_key.asc
$ gpg --import my_private_key.asc
$ gpg --import my_public_key.asc
Ensure that the keyID printed is the correct one, and if so, then go ahead and add ultimate trust for it:
$ gpg --edit-key [your@email]
Because this is your key, you should choose ultimate. You shouldn't trust anyone else's key ultimately.
Refer to troubleshoot in step 2.B for more information on permissions. When transferring keys, your permissions may get mixed, and errors may be prompted. These are easily avoided when your folders and files have the right permissions