RSA key generation

To generate your own unique public/secret key pair of a specified size, type:

    pgp -kg

PGP shows you a menu of recommended key sizes (low commercial grade, high commercial grade, or "military" grade) and prompts you for what size key you want, up to more than a thousand bits. The bigger the key, the more security you get, but you pay a price in speed.

It also asks for a user ID, which means your name. It's a good idea to use your full name as your user ID, because then there is less risk of other people using the wrong public key to encrypt messages to you. Spaces and punctuation are allowed in the user ID. It would help if you put your E-mail address in <angle brackets> after your name, like so:

    Robert M. Smith <rms@xyzcorp.com>

If you don't have an E-mail address, use your phone number or some other unique information that would help ensure that your user ID is unique.

PGP also asks for a pass phrase to protect your secret key in case it falls into the wrong hands. Nobody can use your secret key file without this pass phrase. The pass phrase is like a password, except that it can be a whole phrase or sentence with many words, spaces, punctuation, or anything else you want in it. Don't lose this pass phrase -- there's no way to recover it if you do lose it. This pass phrase will be needed later every time you use your secret key. The pass phrase is case-sensitive, and should not be too short or easy to guess. It is never displayed on the screen. Don't leave it written down anywhere where someone else can see it, and don't store it on your computer. If you don't want a pass phrase (You fool!), just press return (or enter) at the pass phrase prompt.

The public/secret key pair is derived from large truly random numbers derived mainly from measuring the intervals between your keystrokes with a fast timer. The software will ask you to enter some random text to help it accumulate some random bits for the keys. When asked, you should provide some keystrokes that are reasonably random in their timing, and it wouldn't hurt to make the actual characters that you type irregular in content as well. Some of the randomness is derived from the unpredictability of the content of what you type. So don't just type repeated sequences of characters.

Note that RSA key generation is a lengthy process. It may take a few seconds for a small key on a fast processor, or quite a few minutes for a large key on an old IBM PC/XT. PGP will visually indicate its progress during key generation.

The generated key pair will be placed on your public and secret key rings. You can later use the -kx command option to extract (copy) your new public key from your public key ring and place it in a separate public key file suitable for distribution to your friends. The public key file can be sent to your friends for inclusion in their public key rings. Naturally, you keep your secret key file to yourself, and you should include it on your secret key ring. Each secret key on a key ring is individually protected with its own pass phrase.

Never give your secret key to anyone else. For the same reason, don't make key pairs for your friends. Everyone should make their own key pair. Always keep physical control of your secret key, and don't risk exposing it by storing it on a remote timesharing computer. Keep it on your own personal computer.

If PGP complains about not being able to find the PGP User's Guide on your computer, and refuses to generate a key pair without it, don't panic. Just read the explanation of the NOMANUAL parameter in the section "Setting Configuration Parameters" in the Special Topics volume of the PGP User's Guide.

 

The information contained in this document is a duplication of the RSA Key Generation section of the PGP User's Guide, Volume I: Essential Topics.

PGP(tm) Pretty Good(tm) Privacy. Public key encryption for the masses.
Document revised 11 October 94 for PGP version 2.6.2 -- 11 Oct 94.
Software by Philip Zimmermann, and many others.

PGP software and documentation © Copyright 1990--1994 Philip Zimmermann. All rights reserved. For information on PGP licensing, distribution, copyrights, patents, trademarks, liability limitations, and export controls, see the Legal Issues section in the PGP User's Guide, Volume II: Special Topics.
Distributed by the Massachusetts Institute of Technology.