Internet Security Professional Reference: PGP


Key Generation

The first thing any PGP user needs to do is create a keypair. When you generate a key (that is, an RSA keypair), you are asked for the keysize, the name on the key, a pass phrase, and then for some random keystrokes. The key parameters are used to generate the actual bits that will be your PGP key.

The keysize determines both the security of the key and the time it takes to use that key. Larger keys are more secure, but they require more time to use. Because the expensive operations (signing and decrypting) are performed only by the key owner, a key owner who wants a longer key will pay the penalty himself, whereas everyone else who uses that key will see only a marginal penalty.

The name on the key is the userid. It is the printable string that is supposed to tell others who owns this key. By convention, the userid is a name and an e-mail address, such as the string Derek Atkins <warlord@MIT.EDU>. A key can have multiple userids, which means that its owner goes by different names.

After the key parameters have been defined, PGP asks the user for a pass phrase. This pass phrase is later used to unlock the secret key, which provides an extra level of security because the pass phrase is required to sign or decrypt messages with that keypair. An attacker who obtains the on-disk portion of the secret key ring cannot use its contents, because they are encrypted under the pass phrase. To steal the secret key, an attacker needs both the contents of the secret key ring and the pass phrase with which it is encrypted.

After the pass phrase, PGP asks for random keystrokes. These keystrokes are timed, and the inter-keystroke timing is used to generate random numbers. These random numbers are used to generate the primes that make up the RSA keypair. The longer the keypair, the more random data is required to generate it, and so the more keystrokes are required.

To generate a key, use the -kg option to PGP. The first example is a repeat of the first example in this chapter, but here each step is explained. First, the user must create the directory to hold the keypair. PGP uses the PGPPATH environment variable to hold the name of this directory. If PGPPATH is not set, PGP will use a reasonable default: in DOS, PGP uses the current working directory; in Unix, it uses the .pgp directory in the user's home directory. Because PGP does not make this directory, the user needs to create it first:

~> mkdir .pgp

After the PGPPATH directory is created, the user can generate a key. PGP will prompt for all the information that is required. A key is generated by using the -kg option:

~> pgp -kg
Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
(c) 1990-1994 Philip Zimmermann, Phil’s Pretty Good Software. 11 Oct 94
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Distributed by the Massachusetts Institute of Technology.
Export of this software may be restricted by the U.S. government.
Current time: 1995/11/14 08:12 GMT
Pick your RSA key size:
1) 512 bits- Low commercial grade, fast but less secure
2) 768 bits- High commercial grade, medium speed, good security
3) 1024 bits- “Military” grade, slow, highest security
Choose 1, 2, or 3, or enter desired number of bits: 3

At this point, PGP wants to know the size of the key to generate. PGP presents three built-in sizes: 512, 768, and 1,024 bits. The larger the keysize, the more secure the key will be, but the longer it will take the user to actually use the key. Although it is technically feasible to use arbitrarily large keys, the time it would take to perform the various operations with very large keys far outweighs the security benefit of the larger key.

In the preceding sample session, the user has chosen the built-in keysize of 1,024 bits by choosing option 3. Alternatively, the user could have typed in the actual size of the key to generate. PGP will generate keys of any length between 384 and 2,048 bits; a user need only type the number of bits requested instead of one of the built-in values.

Generating an RSA key with a 1,024-bit modulus.

You need a user ID for your public key. The desired form for this
user ID is your name, followed by your e-mail address enclosed in
<angle brackets>, if you have an e-mail address.
For example: John Q. Smith <12345.6789@compuserve.com>
Enter a user ID for your public key:
Ruth Thomas <tara@mail.Free.NET>