Skip to main content
Documentation

Generating GPG Keys

Generating GPG Keys in the Browser on Files.com

You can generate a GPG/PGP key pair in your browser through the GPG Key Manager or while setting up automated encryption or decryption.

To generate a key pair that can be used for multiple encryption or decryption folders, use the GPG Key Manager. This method stores the private key within Files.com. The private key is encrypted while stored and cannot be accessed by Files.com employees.

Key pairs generated this way use the RSA algorithm and are 4096 bits in length.

Generating GPG Keys on Files.com via API

You can generate a GPG/PGP key pair using the Create GPG Key API. The generated key will reside within the GPG Key Manager.

This method stores the private key within Files.com. The private key is encrypted while stored and cannot be accessed by Files.com employees.

Key pairs generated this way use the RSA algorithm and are 4096 bits in length.

You can download the created key pair through the Show GPG Key API within 60 minutes of the key creation time.

Generating GPG Keys on Windows

On Windows, generate GPG keys with the Gpg4win app suite, available from the Gpg4win siteExternal LinkThis link leads to an external website and will open in a new tab. The installer includes Kleopatra, a key management app that generates key pairs and imports private keys provided by others for decrypting files.

Download and Install Gpg4win

Download and install Gpg4win from the official website: https://gpg4win.org/External LinkThis link leads to an external website and will open in a new tab

Use the Kleopatra App to Generate a New GPG/PGP Key Pair

Open the Kleopatra certificate manager app from the Windows Start menu.

Select the File menu then select the New OpenPGP Key Pair menu item.

Follow the on-screen instructions and enter your name and email address.

Select the Protect the generated key with a passphrase option. (This is optional. You can leave this option unselected if you wish to have no passphrase to protect the private key.)

Select Advanced Settings... and make sure, under the Certificate Usage section, that both Signing and Encryption are selected.

Select OK to start the key generation process. If prompted, enter a strong passphrase to protect your private key.

Export the Public and Private Portions of the New Key Pair

Right-click on the newly created key and select Export... to export the public portion of the GPG/PGP key.

Right-click on the newly created key and select Backup Secret Keys... to export the private portion of the GPG/PGP key. If prompted, enter the passphrase for the key.

You can open and view the exported files using a text editor or viewer such as Notepad.

Your public key is the entire contents of the text that begins with: -----BEGIN PGP PUBLIC KEY BLOCK----- and ends with: -----END PGP PUBLIC KEY BLOCK-----

Your private key is the entire contents of the text that begins with: -----BEGIN PGP PRIVATE KEY BLOCK----- and ends with: -----END PGP PRIVATE KEY BLOCK-----

Extending the Expiration Date of a GPG/PGP Key on Windows

When a GPG/PGP Key expires, you can create a new key to replace it or you can extend the expiration date of the expired key.

If a key hasn't been compromised, extending the expiration date is typically a better alternative to generating a new key. Generating a new key requires informing all your counterparties of the new key so they can delete the old one and start using the new one.

To extend the expiration date of a key, open the Kleopatra certificate manager app from the Windows Start menu and double-click the entry of the PGP Key to view its detailsExternal LinkThis link leads to an external website and will open in a new tab.

Select the Change Expiry Date button, provide a new date, and save the changes.

Re-export the public and private portions of the updated key pair.

Import the updated portions into Files.com, replacing the previous version of the PGP Key.

Generating GPG Keys on macOS

On macOS, generate GPG keys with GPG Suite, available from the GPG Tools siteExternal LinkThis link leads to an external website and will open in a new tab. Install it like any other macOS app. The installer includes GPG Keychain, which you can launch from Launchpad or your Applications folder.

GPG Keychain opens to a window showing a list of current keys. One appears by default, created by the GPG Tools team — leave that there.

To generate a new key pair, click the New key icon in the upper left corner of the window.

Fill in the information form and choose a strong password. Keep a record of the password in a safe place such as a password manager, since it is required to decrypt files using this keypair. GPG Keychain allows you to proceed without a password, but that is less secure.

Once the form data is entered, click Generate Key to finish.

To export your public key:

  1. Select the key by name in the list view, then click the Export key icon in the upper left corner. GPG Keychain prepares an .asc file containing your public key. Check the box to include the private or "secret" key if you need to provide that to another person.
  2. In the Save As window that appears, navigate to the location where you want the exported .asc file saved.
  3. Click Save. You will see an acknowledgement that the keys were exported.
  4. Open the saved file with TextEdit or a similar text editor. You will see the public key, and the private/secret key below it if you selected that option for the export.
  5. Copy the entire public key block. The copied key can now be pasted into the Public key field by an administrator when enabling GPG Encryption on a Files.com folder.

Extending the Expiration Date of a PGP Key on Mac

When a GPG/PGP Key expires, you can create a new key to replace it or you can extend the expiration date of the expired key.

If a key hasn't been compromised, extending the expiration date is typically a better alternative to generating a new key. Generating a new key requires informing all your counterparties of the new key so they can delete the old one and start using the new one.

To extend the expiration date of a key, open the GPG Keychain app, double-click the entry of the PGP Key, and navigate to the Key tab.

Select the Change button next to the expiration date fieldExternal LinkThis link leads to an external website and will open in a new tab, provide a new date, and save the changes.

Re-export the public and private portions of the updated key pair.

Import the updated portions into Files.com, replacing the previous version of the PGP Key.

Generating GPG Keys on Linux

On Linux, generate GPG keys with the GnuPGExternal LinkThis link leads to an external website and will open in a new tab command line tools.

Run the command below from a terminal to install GnuPG.

On deb or apt based distributions (Debian, Ubuntu, Mint):

sudo apt install gnupg

On rpm or yum based distributions (Fedora, CentOS, RHEL):

sudo yum install gnupg

Generate a GPG Key Pair

Run this command to generate your GPG key pair:

gpg --full-generate-key

At the prompt, specify the kind of key you want, or press ENTER to accept the default (RSA and RSA).

When prompted, enter your desired key size. We recommend the maximum of 4096.

Next, specify how long the key remains valid, or press ENTER for a key that never expires, and verify your selections.

When prompted, enter your real name, email address, and an optional comment if desired. Confirm your entries are correct by typing O (for Okay) and pressing ENTER.

When prompted, type a secure passphrase to protect your GPG key.

Your GPG key pair is now generated. Note your key ID from the output:

gpg: key 1655A54E2B4AD8A9 marked as ultimately trusted

In the example above, the GPG key ID is 1655A54E2B4AD8A9.

Copy Your GPG Public Key

Enter the command below to output your public key, replacing the example ID with your GPG key ID.

gpg --armor --export 1655A54E2B4AD8A9

Highlight and copy your GPG key, beginning with:

-----BEGIN PGP PUBLIC KEY BLOCK----- and ending with: -----END PGP PUBLIC KEY BLOCK-----

The copied key can now be pasted into the Public key field by an administrator when enabling GPG Encryption on a Files.com folder.

Extending the Expiration Date of a PGP Key on Linux

When a GPG/PGP Key expires, you can create a new key to replace it or you can extend the expiration date of the expired key.

If a key hasn't been compromised, extending the expiration date is typically a better alternative to generating a new key. Generating a new key requires informing all your counterparties of the new key so they can delete the old one and start using the new one.

Run this command to extend the expiration date of your GPG key pairExternal LinkThis link leads to an external website and will open in a new tab:

gpg --quick-set-expire <KEY_ID> <NEW_EPIRATION_DATE> <OPTIONAL_SUB_KEY_ID>

For example, using the Key ID from the example above, and an expiration date for the end of this century, the command would be:

gpg --quick-set-expire 1655A54E2B4AD8A9 2099-12-31 \*

Re-export the public and private portions of the updated key pair.

Import the updated portions into Files.com, replacing the previous version of the PGP Key.