Generating a New Key Pair

To be able to exchange encrypted messages with other users, first generate your own key pair. One part of it—the public key—is distributed to your communication partners, who can use it to encrypt the files or e-mail messages they send. The other part of the key pair—the private key—is used to decrypt the encrypted contents.

[Important] Private Key versus Public Key

The public key is intended for the public and should be distributed to all your communication partners. However, only you should have access to the private key. Do not grant other users access to this data.

Your private key is protected with a passphrase. Choose the passphrase carefully: do not use words from a dictionary and mix alphabetic with non-alphabetic characters.

Start KGpg from the main menu or press Alt+F2 and enter kgpg. When you start the program for the first time, a wizard appears to guide you through the configuration. Follow the instructions up to the point where you are prompted to create a key.

If you have already generated a key pair and want to create a new one, select Keys → Generate Key Pair.

Figure 9.1. KGpg: Creating a Key

Enter a name, an e-mail address, and, optionally, a comment. If you do not like the default settings provided, also set the expiration time for the key, the key size, and the encryption algorithm used. To generate a standard key, just confirm your settings with OK.

[Note] Expert Mode

If you are an experienced user, use the Expert Mode to define more options. This takes you to a terminal window where you can set the type of key to be generated, the key size in bits and the expiration date. After entering your name and e-mail address, you are prompted for a passphrase to protect your private key.

After you click OK, a dialog prompts you to enter a passphrase twice. The passphrase protects your private key. After you have entered a passphrase, the key pair is generated. This can take some time. When it is finished, the program displays a summary. Save and print a revocation certificate right away and keep it in a safe place. You will need the certificate to revoke your key if you forget the passphrase. After you have confirmed with OK, KGpg displays its main window.
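The steps that Expert Mode and the revocation certificate dialog perform can also be run directly with GnuPG on the command line. The script below is an added example, not part of the original documentation; it assumes GnuPG 2.1 or later, and the name, e-mail address, key size, expiry and file names are constructed sample values.

```shell
#!/bin/sh
# Added example: GnuPG 2.1+ command-line counterpart of the KGpg key dialog.
# Name, e-mail address, key size and expiry are constructed sample values.

# Write an unattended key-generation parameter file.
#   $1 = output file, $2 = real name, $3 = e-mail, $4 = expiry (2y, 6m, 0 = never)
# No "Passphrase:" line is written, so gpg asks for the passphrase through
# pinentry and it never lands on disk or in the shell history.
write_key_params() (
    umask 077    # subshell body: the restrictive umask does not leak to the caller
    cat > "$1" <<EOF
Key-Type: RSA
Key-Length: 4096
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 4096
Subkey-Usage: encrypt
Name-Real: $2
Name-Email: $3
Expire-Date: $4
%commit
EOF
)

# Generate the key pair, then a revocation certificate for it.
#   $1 = parameter file, $2 = e-mail of the new key, $3 = certificate output file
create_key_and_revocation() {
    gpg --batch --generate-key "$1" || return 1
    # Field 10 of the first "fpr" record is the primary key fingerprint.
    fpr=$(gpg --with-colons --list-keys "$2" | awk -F: '/^fpr:/ {print $10; exit}')
    [ -n "$fpr" ] || return 1
    # Interactive: gpg asks for a revocation reason and the passphrase.
    gpg --output "$3" --gen-revoke "$fpr"
}

# Run only when asked to, so sourcing the file just defines the functions.
if [ "${1:-}" = "--generate" ]; then
    params=$(mktemp) || exit 1
    write_key_params "$params" "Tux Example" "tux@example.org" "2y"
    create_key_and_revocation "$params" "tux@example.org" "revoke-tux.asc"
    rm -f "$params"
fi
```

If the key ring already holds a key for the same e-mail address, check the fingerprint by hand before generating the revocation certificate, because the script takes the first match.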

Figure 9.2. KGpg Main Window: Key Management

The main window shows the keys that belong to your key ring: your own key and the keys of other persons that you have already imported. Because GnuPG uses a more sophisticated implementation of key pairs, several subkeys are displayed for each user name, but these can be ignored for the purpose of this chapter. Apart from other details such as the expiration date, the creation date, and the ID of the key, the main window also shows the level of trust for each key, indicated by colors. White means that the trust level is unknown; blue indicates a high level of trust. For more information, see Section 9.4.2, “Trusting Keys”.

[Note] KGpg Icon and Main Window

When you start KGpg in later sessions, only a small icon with a padlock appears in the system tray. Click that icon to display the main KGpg window on your desktop.