1. Generate Gpg Key Without Passphrase Key
2. Gpg Passphrase File

/github-generate-ssh-key-mac.html. If you are on version 2.1.17 or greater, paste the text below to generate a GPG key pair. $ gpg -full-generate-key; If you are not on version 2.1.17 or greater, the gpg -full-generate-key command doesn't work. Paste the text below and skip to step 6. $ gpg -default-new-key-algo rsa4096 -gen-key.

1. This is how to create a gpg key without any user interaction or password. This can be used in cases where the primary goal is to secure the data in transit but the gpg key can/must be stored locally without a password. An example of this is the hiera-gpg plugin which doesn't support passwords.
2. Originally I had a couple extra steps to use rng-tools to seed entropy from /dev/urandom. Apparently this is a bad idea because it will just feed bytes regardless of whether there's enough entropy.
3. Jun 30, 2018 Now it asks you to enter a passphrase to protect your private key. Enter a good and long passphrase and remember it. Because if you forget this passphrase, you won’t be able to unlock you private key. Once you enter and confirm your passphrase. GPG will generate your keys. We need to generate a lot of random bytes.
4. The command -generate-key may be used along with the option -batch for unattended key generation. This is the most flexible way of generating keys, but it is also the most complex one. Consider using the quick key manipulation interface described in the previous subsection “The quick key.

Encryption is a process of embedding plain text data in such a way that it cannot be decoded by outsiders. It is necessary to encrypt data to prevent misuse. The GNU Privacy Guard (GPG) application allows you to encrypt and decrypt information. It is based on the use of a pair of keys, one public and one private (or secret). Data encrypted with one key can only be decrypted with the other. To encrypt a message to you, someone would use your public key to create a message that could only be unlocked with your private key. To sign information, you would lock it with your private key, allowing anyone to verify that it came from you by unlocking it with your public key.

Modern Linux distributions have gpg already installed on them. If not present, install it.

Generate Gpg Key Without Passphrase Key

on Centos

on Ubuntu

1) Create gpg key

When installing gnupg package, we need to understand the concept to use gpg as well.

Generating a new keypair

To encrypt your communication, the first thing to do is to create a new keypair. GPG is able to create several types of keypairs, but a primary key must be capable of making signatures.

• uid: Please take a note about the USER-ID mentioned in the result. We will use its value to do some operation.
• pub: It represents the public key. The key-id is BAC361F1. Yours will be different
• sub: It represents subkeys, goes along with the primary key. Commonly, it is used to encryption.

Your prompt can be handled for a very long time without finishing if you see the message below

Gpg Passphrase File

'Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 285 more bytes)'

The problem is caused by the lack of entropy (or random system noise). So cancel the process and check the available entropy

You can see it is not enough. We can install a package to solve the lack of entropy with rngd which is a random number generator utility used to check immediately the available entropy

Now can start again with the gpg --gen-key command and the process will be fine. We have only installed it without anything else. In certain distributions, you need to use rngd before the gpg process.

3) Generating a revocation certificate

After your keypair is created you should immediately generate a revocation certificate to revoke your public key if your private key has been compromised in any way or if you lose it. Create it when you create your key. The process requires your private key, passphrase.

The argument BAC361F1 is the key ID. It must be a key specifier, either the key ID of your primary keypair or any part of a user ID that identifies your keypair like my_name@linoxide.com. The generated certificate will be saved in revoke_key.asc file. Store it where others can't access it because anybody having access to it can revoke your key, rendering it useless. If the --output option is omitted, the result will be placed on standard output.

4) Making an ASCII armored version of your public key

Some keyservers allow you to paste an ASCII armored version of your public key in order to upload it directly. This method is most preferred because the key comes directly from the user who can see that the key has been successfully uploaded.

5) Exchanging keys

In order to communicate with others, you must exchange public keys. To do it, you must be able to list your keys. There is some commands to list your public keyring

• gpg --list-keys: List all keys from the public keyrings, or just the keys given on the command line.
• gpg --list-secret-keys: List all keys from the secret keyrings or just the ones given on the command line
• gpg --list-sigs: Same as --list-keys, but the signatures are listed too.

Export a public key

Now that you have generated a key pair, the next step is to publish your public key on internet ( Keyservers ) so that other person can use it to send you a message. You can use either the key ID or any part of the user ID may be used to identify the key to export. There are two commands but with the first command, the key is exported in a binary format and can be inconvenient when it is sent through email or published on a web page. So, we will use the second command for ASCII armored method.

The output will be redirected to my_pubkey.gpg file which has the content of the public key to provide for communication.

Submit your public keys to a keyserver

Once you have this ASCII-armored public key, you can manually paste it into a form at a public key server like pgp.mit.edu

Because someone seems to have sent you their public key, there's no reason to trust that it's from that person unless you have validated it.

Import a public key

As others persons can use your public key to send you a message, you can import public from people you trust in to communicate with them.

Conclusion

Now we have notions on the principles to use and generate a public key. You know how GnuPG is functioning and you can use it for secure communication. GPG encryption is only useful when both parties use good security practices and are vigilant.

Read Also:

Table of Contents

Generating a new keypair

Exchanging keys

Encrypting and decrypting documents

Making and verifying signatures

GnuPG is a tool for secure communication.This chapter is a quick-start guide that covers the core functionalityof GnuPG.This includes keypair creation, exchanging and verifying keys, encryptingand decrypting documents, and authenticating documents with digitalsignatures.It does not explain in detail the concepts behind public-key cryptography,encryption, and digital signatures.This is covered in Chapter 2.It also does not explain how to use GnuPG wisely.This is covered in Chapters 3 and 4.

GnuPG uses public-key cryptography so that users may communicate securely.In a public-key system, each user has a pair of keys consisting ofa private key and a public key.A user's private key is kept secret; it need never be revealed.The public key may be given to anyone with whom the user wants tocommunicate.GnuPG uses a somewhat more sophisticated scheme in which a user hasa primary keypair and then zero or more additional subordinate keypairs.The primary and subordinate keypairs are bundled to facilitate keymanagement and the bundle can often be considered simply as one keypair.

The command-line option --gen-keyis used to create a new primary keypair.GnuPG is able to create several different types of keypairs, but a primarykey must be capable of making signatures.There are therefore only three options.Option 1 actually creates two keypairs.A DSA keypair is the primary keypair usable only for making signatures.An ElGamal subordinate keypair is also created for encryption. Option 2 is similar but creates only a DSA keypair.Option 4[1] creates a single ElGamal keypair usable for both making signatures and performing encryption.In all cases it is possible to later add additional subkeys for encryptionand signing.For most users the default option is fine.

You must also choose a key size.The size of a DSA key must be between 512 and 1024 bits, and an ElGamalkey may be of any size.GnuPG, however, requires that keys be no smaller than 768 bits.Therefore, if Option 1 was chosen and you choose a keysize larger than1024 bits, the ElGamal key will have the requested size, but the DSAkey will be 1024 bits.The longer the key the more secure it is against brute-force attacks,but for almost all purposes the default keysize is adequate sinceit would be cheaper to circumvent the encryption than try to break it.Also, encryption and decryption will be slower as thekey size is increased, and a larger keysize may affect signature length.Once selected, the keysize can never be changed.

Finally, you must choose an expiration date.If Option 1 was chosen, the expiration date will be used for both theElGamal and DSA keypairs.For most users a key that does not expire is adequate.The expiration time should be chosen with care, however,since although it is possible to change the expiration date after the keyis created, it may be difficult to communicate a changeto users who have your public key.

You must provide a user ID in addition to the key parameters.The user ID is used to associate the key being created with a realperson.Only one user ID is created when a key is created, but it is possibleto create additional user IDs if you want to use the key in two ormore contexts, e.g., as an employee at work and a political activiston the side.A user ID should be created carefully since it cannot be edited afterit is created.

GnuPG needs a passphrase to protect the primary and subordinate private keys that you keep in your possession.There is no limit on the length of a passphrase, and it should becarefully chosen.From the perspective of security, the passphrase to unlock the privatekey is one of the weakest points in GnuPG (and other public-key encryption systems as well) since it is the only protection you have if another individual gets your private key.Ideally, the passphrase should not use words from a dictionary andshould mix the case of alphabetic characters as well as use non-alphabetic characters.A good passphrase is crucial to the secure use of GnuPG.

Generating a revocation certificate

After your keypair is created you should immediately generate a revocationcertificate for the primary public key using the option--gen-revoke.If you forget your passphrase or if your private key is compromised or lost, this revocation certificate may be published to notify othersthat the public key should no longer be used.A revoked public key can still be used to verify signatures madeby you in the past, but it cannot be used to encrypt future messagesto you.It also does not affect your ability to decrypt messages sent toyou in the past if you still do have access to the private key.The argument mykey must be a keyspecifier,either the key ID of your primary keypair or any part of a user IDthat identifies your keypair.The generated certificate will be left in the filerevoke.asc.If the --output option is omitted, the result will be placed on standard output.Since the certificate is short, you may wish to print a hardcopy ofthe certificate to store somewhere safe such as your safe deposit box.The certificate should not be stored where others can access it sinceanybody can publish the revocation certificate and render thecorresponding public key useless.

Notes

[1]

Option 3 is to generate an ElGamal keypair that isnot usable for making signatures.