Encrypt Your Email #57
Chapter 8, Desktop Programs
separate lines, and press Enter after you enter each value. The comment field
You selected this USER-ID:
"Joe Blogs <email@example.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?
Here you are asked if you want to edit any of the fields, or type O to continue or
Q to quit.
Repeat your passphrase:
Finally, you are asked to type in a passphrase to protect your secret key. The
thing to remember here is that it is a passphrase, not a password. A passphrase
typically consists of a sentence such as “I love eating cheese,” and the
longer the passphrase, the better. When you have added it, you are asked to
confirm it by typing it twice. Then your keys are created and saved in your
GPG keyrings that are located in .gnupg in your home directory. You have
two keyrings, because one contains only other people’s public keys and one
contains only your private key. It’s a good idea to back up your secret keyring
(.gnupg/secring.gpg) to a safe place because if you lose your private key,
you can’t re-create it and you will not be able to access encrypted messages
that have been sent to you.
It’s critical that you choose a very strong passphrase: using a
key with a high level of encryption with a short passphrase is
like building a bank vault but securing the door with only a
piece of string. If your passphrase is weak, you leave your
private key vulnerable to brute-force dictionary attacks if it
ever falls into the wrong hands.
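The backup the text recommends, written out as a small POSIX shell helper. This is an added example, not code from the book: it copies the secret keyring to a directory of your choice, makes sure the copy is readable only by its owner, and verifies the copy byte for byte, because a truncated backup is no backup at all. It assumes the GnuPG 1.x layout the text names (~/.gnupg/secring.gpg); GnuPG 2.1 and later keep private keys under ~/.gnupg/private-keys-v1.d/ instead. The function names and the .bak filename are my own choices.

```shell
#!/bin/sh
# Added example (not from the book): back up the GnuPG secret keyring to a
# safe place with owner-only permissions and verify the copy.
# Assumes the classic layout the text describes: ~/.gnupg/secring.gpg.

# backup_secring SRC DEST_DIR
# Copies SRC into DEST_DIR as secring.gpg.bak, readable only by the owner,
# and confirms the copy matches the original. Prints the backup path on
# success; returns non-zero on any failure.
backup_secring() {
    src="$1"
    dest_dir="$2"
    dest="$dest_dir/secring.gpg.bak"

    [ -f "$src" ] || { echo "no secret keyring at $src" >&2; return 1; }

    # Create directory and copy under a restrictive umask, so the backup is
    # never group- or world-readable, not even for an instant.
    (
        umask 077
        mkdir -p "$dest_dir" || exit 1
        cp "$src" "$dest" || exit 1
    ) || return 1
    chmod 600 "$dest"

    # Verify byte for byte; a damaged copy of a private key cannot be repaired.
    cmp -s "$src" "$dest" || { echo "backup verification failed" >&2; return 1; }
    echo "$dest"
}

# backup_mode FILE
# Prints the permission string of FILE, e.g. -rw-------, for a quick check.
backup_mode() {
    ls -l "$1" | cut -c1-10
}

# Typical use:
#   backup_secring "$HOME/.gnupg/secring.gpg" /media/usbkey/gpg-backup
```

Run it with the keyring path and a destination on removable media or another machine you control; the destination should be somewhere an attacker who gets your laptop does not also get, since the backup is protected only by the same passphrase as the original.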
Publish Your Key to a Server
Now that you have your key, it’s a good idea to send it to a public key server.
A key server is a public resource that will provide a means for you to distribute
your public key to those who need it to encrypt email to you. It is also a
place where you can download their public keys, should you need to encrypt
email to them. You have to upload it to only one key server, because the key
servers replicate with each other. Here is the command to upload your key:
foo@bar:~$ gpg --keyserver wwwkeys.pgp.net --send-key firstname.lastname@example.org
To save some typing, store values for options such as the key
server name in ~/.gnupg/options.
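The tip about storing the key server in the options file, as an added shell example (not code from the book). The helper writes exactly one keyserver line into whatever options file you point it at, replacing any earlier line instead of appending a duplicate, and keeps the file owner-only readable. The book names ~/.gnupg/options; later GnuPG releases read ~/.gnupg/gpg.conf instead, so the path is a parameter here. Once the line is in place, the upload command no longer needs the --keyserver flag. Function names are mine; the server value passed in is the one from the book.

```shell
#!/bin/sh
# Added example (not from the book): keep the key server name in the GnuPG
# options file so that uploads and downloads need no --keyserver flag.

# set_keyserver CONF SERVER
# Ensures CONF contains exactly one "keyserver SERVER" line, replacing any
# existing keyserver line. Other settings in the file are preserved.
set_keyserver() {
    conf="$1"
    server="$2"
    tmpfile="$conf.tmp.$$"

    # Create both files owner-only readable before writing anything to them.
    ( umask 077 && touch "$conf" && : > "$tmpfile" ) || return 1
    # Keep every existing line except old keyserver lines...
    grep -v '^[[:space:]]*keyserver[[:space:]]' "$conf" > "$tmpfile" || true
    # ...then add the one keyserver line we want.
    printf 'keyserver %s\n' "$server" >> "$tmpfile"
    mv "$tmpfile" "$conf"
}

# get_keyserver CONF
# Prints the configured server, or nothing if no keyserver line is set.
get_keyserver() {
    awk '$1 == "keyserver" { print $2 }' "$1" | tail -n 1
}

# publish_key KEYID
# Uploads the public key with the server taken from the options file.
# Only the public half is sent; --send-keys never reads the secret keyring.
publish_key() {
    gpg --send-keys "$1"
}

# Typical use, with the server name the book gives:
#   set_keyserver "$HOME/.gnupg/gpg.conf" wwwkeys.pgp.net
#   publish_key email@example.com
```

The temporary-file-then-mv pattern means a crash halfway through never leaves you with a half-written options file, and because the temporary file is created under umask 077 the final file keeps mode 600.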