+
+
Step 2.a Make a keypair
+
+
The Enigmail Setup wizard may start automatically. If it doesn't, select
+Enigmail → Setup Wizard from your email program's menu. You don't need
+to read the text in the window that pops up unless you'd like to, but it's
+good to read the text on the later screens of the wizard. Click Next with
+the default options selected, except in these instances, which are listed
+in the order they appear:
+
+
+- On the screen titled "Encryption," select "Encrypt all of my messages
+by default, because privacy is critical to me."
+
+- On the screen titled "Signing," select "Don't sign my messages by
+default."
+
+- On the screen titled "Key Selection," select "I want to create a new
+key pair for signing and encrypting my email."
+
+- On the screen titled "Create Key," pick a strong password! You can
+do it manually, or you can use the Diceware method. Doing it manually
+is faster but not as secure. Using Diceware takes longer and requires
+dice, but creates a password that is much harder for attackers to figure
+out. To use it, read the section "Make a secure passphrase with Diceware" in
+this article by Micah Lee.
+
+
+
If you'd like to pick a password manually, come up with something
+you can remember which is at least twelve characters long, and includes
+at least one lower case and upper case letter and at least one number or
+punctuation symbol. Never pick a password you've used elsewhere. Don't use
+any recognizable patterns, such as birthdays, telephone numbers, pets' names,
+song lyrics, quotes from books, and so on.
+
+
The program will take a little while to finish the next
+step, the "Key Creation" screen. While you wait, do something else with your
+computer, like watching a movie or browsing the Web. The more you use the
+computer at this point, the faster the key creation will go.
+
+
When the "Key Generation Completed" screen
+pops up, select Generate Certificate and choose to save it in a safe place on
+your computer (we recommend making a folder called "Revocation Certificate"
+in your home folder and keeping it there). This step is essential for your
+email self-defense, as you'll learn more about in Section
+5.
+
+
+
+
+
Troubleshooting
+
+
+- I can't find the Enigmail menu.
+- In many new email programs, the main menu is represented by an image
+of three stacked horizontal bars. Enigmail may be inside a section called
+Tools.
+
+- The wizard says that it cannot find GnuPG.
+- Open whatever program you usually use for installing software, and search
+for GnuPG, then install it. Then restart the Enigmail setup wizard by going
+to Enigmail → Setup Wizard.
+
+- More resources
+- If you're having trouble with our
+instructions or just want to learn more, check out
+Enigmail's wiki instructions for key generation.
+
+- Don't see a solution to your problem?
+- Please let us know on the feedback
+page.
+
+
+
+
+
+
+
+
Advanced
+
+
+- Command line key generation
+- If you prefer using the command line for a higher
+degree of control, you can follow the documentation from The GNU Privacy
+Handbook. Make sure you stick with "RSA and RSA" (the default),
+because it's newer and more secure than the algorithms the documentation
+recommends. Also make sure your key is at least 2048 bits, or 4096 if you
+want to be extra secure.
+
+- Advanced key pairs
+- When GnuPG creates a new keypair, it compartmentalizes
+the encryption function from the signing function through subkeys. If you use
+subkeys carefully, you can keep your GnuPG identity much more
+secure and recover from a compromised key much more quickly. Alex Cabal
+and the Debian wiki
+provide good guides for setting up a secure subkey configuration.
+
+
+
+
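Review bot: The "Key Generation Completed" paragraph tells readers to keep the revocation certificate only in a "Revocation Certificate" folder in their home folder, which puts it on the same computer as the key it is meant to revoke; if that disk is lost or fails, the key and the means to revoke it are lost together. Suggest adding a sentence that recommends keeping a second copy off the computer. Two smaller wording points: the heading and the "Advanced key pairs" item use "keypair" while the "Key Selection" bullet uses "key pair", and the "Create Key" bullet says "password" while the Diceware section it cites says "passphrase"; settling on one term for each would read more cleanly.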