HOW TO: Use PGP Command Line to Create and Manage PGP Keys

Article:HOWTO41935  |  Created: 2006-03-14  |  Updated: 2011-02-28  |  Article URL http://www.symantec.com/docs/HOWTO41935
Article Type: How To




This article describes how to create and manage PGP Keys using PGP Command Line 8.x/9.x. This includes generating key pairs, importing and exporting keys, and sending keys to keyservers. This pertains to Windows NT4/2000/XP, Linux, and Unix platforms.


If you have PGP Desktop installed on the same Windows computer as PGP Command Line, and you installed PGP Desktop to the default directory, then PGP Command Line will automatically locate and use your existing keyrings. If you are not using PGP keyrings from a PGP Desktop product, you will need to create blank keyring files. To do so, open a command prompt and type the following command:

 

pgp --create-keyrings



This will create a pubring.pkr (public keyring) and secring.skr (private keyring) file in the default keyring location. For Windows this is in the My Documents>PGP folder. This article will use [ ] to identify information that you will need to enter that is specific to your individual keys.

 

Generate A Key Pair

To create a key pair using PGP Command Line follow these steps:

 

  1. Open a command shell or DOS prompt.
  2. On the command line, enter:

    pgp --gen-key [user ID] --key-type [key type] --bits [bits #] --passphrase [passphrase]


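    NOTE: Any information that contains spaces must be contained inside quotation marks. See the example below step 3. A passphrase typed as a command-line argument can also end up in shell history and be visible in process listings while the command runs.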

     
  3. Press "Enter" when the command is complete.

    Example: The following example shows how to create a 2048-bit RSA key for Joe User, an employee of ACME Corp, with the passphrase "my passphrase".

    • Open a command prompt and enter the following:

      pgp --gen-key "Joe User" --key-type RSA --bits 2048 --passphrase "my passphrase"
      


       
    • Press "Enter"
  4. PGP Command Line will now generate your key pair. You should see your Key ID (e.g. 0x12345678), and a message that the key was successfully generated.

 

NOTE: To display your new key pair, enter the following command:

 

pgp --list-keys



This will display all the keys that are found on your keyring.

 

Export The Public Key

After the key pair is generated and identified, it is important to export the public portion (public key) of the key pair so others can import your public key and encrypt to you.

NOTES: Once you have exported your public key to a file, it is easy to distribute. For example, you can attach it to an email, paste the public key block text into the body of an email message (open the file with Notepad), or copy it to a CD.

To export your public key, you need information that identifies the key, which is referred to in this document as (input). You can use the key ID (e.g. 0x12345678), the user ID (e.g. "Joe User"), or a portion of the user ID (e.g. Joe).

Display the keys

To display the keys on your keyrings, open a command prompt and type the following:

 

pgp --list-keys



Press Enter and the keys will be displayed. Make note of the key's username or number ID that you wish to export.

Export the key

To export the key, do the following:

 

  1. Open a command prompt.
  2. From the command prompt, enter:

    pgp --export (input)


    NOTE: Remember that any information that contains spaces must be contained inside quotes. 
  3. Press "Enter" when the command is complete.

PGP Command Line responds by exporting keys as ASCII armor (.asc) files into the directory currently active on the command line.

Example 1

The following example will show you how to export your public key using your key ID.

  • From the command prompt, enter:
pgp --export 0x12345678



 

  • Press "Enter".

Example 2

The following example will show you how to export your key using your user ID.

 

  • From the command prompt, enter:
pgp --export "Joe User"



 

  • Press "Enter".

Import a PGP Key

You may import a public key from an ASCII Armor file (.asc) or from a text file; the process is the same for both. The file containing the key(s) to be imported must be in the current directory. As with exporting a key, the file is referred to as (input) in the examples. Both public and private keys will be imported if they exist in the file. If a key being imported already exists in the local keyring, the keys are merged.

Import Key From File


 

  1. Open a command prompt.
  2. From the command prompt, enter:

    pgp --import (input)


     
  3. Press "Enter" when the command is complete.

PGP Command Line responds as follows:

    Joe User.asc:import key {0:key imported as 0x12345678 Joe User}

Example 1

The following example will show you how to import a key from an ASCII Armor file (.asc).

 

  • From the command prompt, enter:
pgp --import "Joe User.asc"



 

  • Press "Enter".

Example 2

The following example will show you how to import a key from a text file containing the PGP key block.

 

  • From the command prompt, enter:
pgp --import "PGP Joe.txt"



 

  • Press "Enter".
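
Because an import takes in both public and private keys when they exist in the file, it helps to look at a key file before running pgp --import on it. The following is an added example, not part of the original article or of PGP Command Line: it lists the ASCII armor blocks in a file, verifies each block's CRC-24 checksum, and reports whether the first packet is a public or secret key. The function names and the sample data are assumptions made for illustration, and only the first packet of each block is inspected.

```python
import base64
import re

# OpenPGP packet tags relevant to key files (RFC 4880, section 4.3).
KEY_TAGS = {5: "secret key", 6: "public key", 7: "secret subkey", 14: "public subkey"}
ARMOR = re.compile(r"-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)-----END PGP \1-----", re.S)

def crc24(data: bytes) -> int:
    """CRC-24 used by ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def first_packet_tag(raw: bytes) -> int:
    """Decode the tag of the first packet (old or new header format)."""
    head = raw[0]
    return head & 0x3F if head & 0x40 else (head >> 2) & 0x0F

def inspect_armor(text: str) -> list:
    """Return (label, crc_ok, first packet kind) per block; armor headers end at the first blank line."""
    report = []
    for label, body in ARMOR.findall(text):
        lines = [ln.strip() for ln in body.splitlines()]
        data = lines[lines.index("") + 1:] if "" in lines else lines
        checksum = [ln for ln in data if ln.startswith("=") and len(ln) == 5]
        payload = base64.b64decode("".join(ln for ln in data if ln and ln not in checksum))
        crc_ok = bool(checksum) and base64.b64decode(checksum[0][1:]) == crc24(payload).to_bytes(3, "big")
        kind = KEY_TAGS.get(first_packet_tag(payload), "other") if payload else "empty"
        report.append((label, crc_ok, kind))
    return report

def public_only(text: str) -> bool:
    """True only if every block is an intact public key block."""
    report = inspect_armor(text)
    return bool(report) and all(r == ("PUBLIC KEY BLOCK", True, "public key") for r in report)

def armor(label: str, raw: bytes) -> str:
    """Build a constructed sample armor block (payloads are dummy bytes, not real keys)."""
    b64 = base64.b64encode(raw).decode()
    crc = base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP {label}-----\nVersion: sample\n\n{b64}\n={crc}\n-----END PGP {label}-----\n"

# Constructed sample: a public block followed by a private block in the same file.
SAMPLE = armor("PUBLIC KEY BLOCK", b"\x99\x00\x03abc") + armor("PRIVATE KEY BLOCK", b"\x95\x00\x03abc")
```

Calling public_only() on the contents of a received .asc file returns False when the file carries a private key block, a damaged block, or a block whose label does not match its first packet.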

 


Legacy ID: 389

