HOW TO: Create PGP Keys in PGP Desktop 9.x for Windows

Article:HOWTO41894  |  Created: 2006-02-17  |  Updated: 2011-02-16  |  Article URL http://www.symantec.com/docs/HOWTO41894

Create a PGP Key in PGP Desktop 9.x for Windows.


The following instructions will detail the creation of new keys and smart card keys.

PGP keys are essential to the use of PGP Desktop encryption. Please back up your keys either by exporting the key(s) to a file and storing it in a secure location, or by using the backup feature provided within PGP Desktop (see the Backup option within PGP Options).

Enter a passphrase that is not easy to guess, but do not choose one that is easily forgotten. If the passphrase to a key is forgotten, any email or file encrypted to the key will remain encrypted.

 

Create a Keypair

If you skipped the Keypair creation during installation, or if you would like to create a new keypair, proceed with these steps:

 

  1. Open PGP Desktop.
  2. Open the File menu and click New PGP Key.
  3. When the PGP Key Generation Assistant appears, read about generating PGP keys, and then click Next.

    Note: If you will be generating a PGP key on a token, the option to create on token will be displayed below. If the token is not connected, the option will not be active.

     
  4. Enter a full name and email address you would like associated with the key. If you would like to enter additional email addresses to be associated with this one key, click More, and then add the email addresses in the open spaces provided.
  5. (Optional) If you wish to select a specific key type/size/algorithm, you may do so through the Advanced option in the bottom left.
  6. When you have reviewed the information to make certain it is correct, click Next.
  7. Enter and confirm the passphrase. Click Next.
  8. Publish the key to the PGP Global Directory by clicking Next, entering the passphrase of the key (if it wasn't already cached), clicking the link in the email you receive from the Global Directory, and importing and signing the Global Directory's verification key.

Create/Import Key on Smart Card or Token

To create or import PGP keys on a smart card or token, you need the correct cryptographic libraries/drivers (PKCS #11). Make certain the manufacturer of the smart card or token provides you with these libraries/drivers. Once you have installed the drivers and the smart card or token, follow these steps to create or import a key onto a smart card or token.

 

Note: If you have more than one type of smart card/token installed, open PGP Desktop and select the Tools>PGP Options menu. Select the Keys tab and change the "synchronize with smart cards and tokens" option to the specific name of the smart card or token you will be creating/importing the key on. A good indication that you have been successful is that a new keyring called Smart Card Keys is now displayed within PGP Desktop, alongside the existing keyrings (e.g. All Keys, My Private Keys).

 


Create PGP Key on Smart Card or Token

 

  1. Connect the smart card or token.
  2. Open PGP Desktop.
  3. Open the File menu and click New PGP Key.
  4. When the PGP Key Generation Assistant appears, locate and select the checkbox at the bottom to Generate Key On the smart card or token listed. Click Next.
  5. Enter a full name and email address you would like associated with the key. If you would like to enter additional email addresses to be associated with this one key, click More, and then add the email addresses in the open spaces provided.
  6. (Optional) If you wish to select a specific key type/size/algorithm, you may do so through the Advanced option in the bottom left.
  7. Enter the passphrase (PIN) of the smart card.
  8. After the key is generated, you may publish it to the global directory. When this is complete the new key will be displayed in Smart Card Keys (keyring).

Send a PGP Key to a Smart Card or Token

  1. Connect the smart card or token.
  2. Open PGP Desktop.
  3. Locate the key you wish to send. Make certain the key type is RSA and the key size is no greater than 1024.
  4. Right click on the key, point to Add To, and click Smart Card Keys. This option will be grayed out if the key is not of the correct size and type as described above.
  5. Enter the passphrase of the private key.
  6. Enter the passphrase (PIN) of the smart card or token. This will be the passphrase you will be using for future decryption with the smart card key.
  7. (Optional) Remove the private key from PGP Desktop keyring.

    Note: This is the most secure option, because data encrypted to the key stored on your smart card can be decrypted only when the smart card or token is connected.
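
Added example (not part of the original article and not PGP Desktop code): the key type and size required in step 3 above can also be checked from a public key exported to a file. This Python code reads the first OpenPGP packet of an ASCII-armored key, assuming the RFC 4880 version 4 layout, and applies the article's RSA / 1024 rule. The function names are hypothetical, and constructed_key() builds constructed sample input, not a usable key.

```python
import base64
import struct

RSA_ALGOS = {1, 2, 3}  # RFC 4880 IDs: RSA, RSA encrypt-only, RSA sign-only

def dearmor(text):
    """Return the binary packets from an ASCII-armored key block."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    body = lines[lines.index("") + 1:]  # armor headers end at the first blank line
    b64 = [ln for ln in body  # skip the END line and the 5-character "=CRC" line
           if ln and not ln.startswith("-----") and not (ln[0] == "=" and len(ln) == 5)]
    return base64.b64decode("".join(b64))

def primary_key_info(data):
    """Parse the first packet as a v4 key packet; return (algorithm, bits)."""
    if len(data) < 14 or not data[0] & 0x80:
        raise ValueError("not an OpenPGP key packet")
    if data[0] & 0x40:  # new-format header: length octets follow the tag
        tag, first = data[0] & 0x3F, data[1]
        if 224 <= first < 255:
            raise ValueError("partial body length not supported")
        hlen = 2 if first < 192 else 3 if first < 224 else 6
    else:  # old-format header: low two bits give the length-field size
        tag, ltype = (data[0] >> 2) & 0x0F, data[0] & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        hlen = 1 + (1, 2, 4)[ltype]
    if tag not in (5, 6):  # 5 = secret key, 6 = public key
        raise ValueError("first packet is not a primary key")
    version, _created, algo, bits = struct.unpack(">BIBH", data[hlen:hlen + 8])
    if version != 4:
        raise ValueError("only version 4 keys are handled")
    return algo, bits  # bits = length of the first MPI (the RSA modulus n)

def smartcard_eligible(key_text):
    """Apply the article's rule: RSA key type, size no greater than 1024."""
    algo, bits = primary_key_info(dearmor(key_text))
    return algo in RSA_ALGOS and bits <= 1024

def constructed_key(algo, bits):
    """Build a sample armored key packet (constructed; not a usable key)."""
    n = b"\x80" + b"\x01" * (bits // 8 - 1)  # top bit set, so MPI length = bits
    body = struct.pack(">BIBH", 4, 0, algo, bits) + n + b"\x00\x11\x01\x00\x01"
    packet = b"\x99" + struct.pack(">H", len(body)) + body  # old format, tag 6
    b64 = base64.b64encode(packet).decode()
    rows = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n" + rows +
            "\n-----END PGP PUBLIC KEY BLOCK-----\n")
```

Calling smartcard_eligible() on the text of an exported key file returns False for keys that the Add To > Smart Card Keys option would show grayed out under the rule in step 4.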

     

Legacy ID: 65

