Create your own key pair
This tutorial is for Gpg4win 4.0.3. For newer versions this process may differ.
To start with encryption you need your own key pair, consisting of a private and a public key. If you already have one, you need to import it; you can then still follow this section, as it also works with your own key pair. Otherwise you create a new key pair, which is what this tutorial shows.
Sometimes the keys are also called "certificates", a term that comes from encryption via S/MIME. For many users (and especially those who are unsure) encryption via OpenPGP is the right way. Since Gpg4win/Kleopatra can handle both, certificates and keys are both called certificates in the program.
Create the key pair
- Click on File in the menu bar
- Click on New Key Pair... in the menu
- Click on Create a personal OpenPGP key pair
- In the next window enter your name and the email address the new keys will belong to.
- It is also recommended to set a password, so activate the checkbox Protect the generated key with a passphrase.
- If you need to change more settings for your new keys, go to the section Advanced settings for new keys. Sometimes this is necessary because not every type of key is compatible with every application, and there are different recommendations about the size of a key.
- Click on Create
- A small window appears. Here you have to enter a password/passphrase twice.
- Confirm with a click on OK. Please save your password, for example with a password manager like KeePassXC, because if you don't know your password you can't decrypt files and messages, so you can't read them anymore.
- Now you have two options:
  - Click on Finish
  - Or go on with the section Backup your key pair to back up your key pair now so you don't forget it later.
Advanced settings for new keys
Here we show how to create an RSA key with a size of 4096 bits. In the advanced settings you can also decide what your new keys can be used for and how long they are valid.
- Click on Advanced Settings....
- Select the key type RSA.
- Select 4,096 bits in both of the dropdown menus.
- Confirm with OK
Backup your key pair
It's great that you chose to back up your keys now, because otherwise you might forget it later, and if you lose your keys you can never again read messages that were encrypted with these keys.
- Click on the option Make a Backup Of Your Key Pair...
- The file explorer opens. Here you can choose a folder where your backup will be saved (the place you save the keys to should be on a different device than the one you normally use, e.g. an external hard drive). Then click on Save.
- Enter the password/passphrase that you chose when you created the key pair...
- ... and click on OK
- The next window explains that the backup was successful. Confirm with OK.
Congratulations! You created and backed up your own key pair.
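To confirm that the backup file really contains the private keys and that both keys are RSA with 4096 bits as selected in the advanced settings, you can inspect its machine-readable listing. The following is an added example, not part of the original tutorial or of Gpg4win: it assumes the listing was produced with `gpg --show-keys --with-colons <backup file>`, the function names are hypothetical, and the sample listing is constructed.

```python
# Added example (not Gpg4win code): audit the colon listing of a key backup.
# Assumed input: output of  gpg --show-keys --with-colons <backup file>
# Constructed sample: fake key IDs, fingerprints and user ID.
SAMPLE_BACKUP = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1660000000:::u:::scESC:::+:::23::0:
fpr:::::::::0000000000000000000000000000AAAAAAAAAAAAAAAA:
uid:u::::1660000000::0000000000000000000000000000000000000000::Alice Example <alice@example.org>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1660000000::::::e:::+:::23:
fpr:::::::::0000000000000000000000000000BBBBBBBBBBBBBBBB:
"""
# Constructed negative case: the same key exported as public key only.
SAMPLE_PUBLIC_ONLY = SAMPLE_BACKUP.replace("sec:", "pub:", 1).replace("ssb:", "sub:", 1)

RSA = "1"  # OpenPGP public-key algorithm ID for RSA


def parse_keys(listing):
    """Return one dict per key record (pub/sub = public, sec/ssb = secret)."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub", "sec", "ssb") and len(f) >= 12:
            keys.append({"type": f[0], "bits": int(f[2]), "algo": f[3],
                         "keyid": f[4], "caps": f[11]})
    return keys


def check_backup(listing, want_bits=4096):
    """Return a list of problems; an empty list means the backup looks right."""
    keys = parse_keys(listing)
    problems = []
    if not any(k["type"] == "sec" for k in keys):
        problems.append("no secret primary key in file")
    # A lowercase "e" in the capability field marks a key usable for encryption.
    if not any(k["type"] == "ssb" and "e" in k["caps"] for k in keys):
        problems.append("no secret encryption subkey in file")
    for k in keys:
        if k["algo"] != RSA or k["bits"] != want_bits:
            problems.append(f"{k['type']} {k['keyid']}: algo {k['algo']}, {k['bits']} bits")
    return problems


if __name__ == "__main__":
    print(check_backup(SAMPLE_BACKUP) or "backup OK")
    print(check_backup(SAMPLE_PUBLIC_ONLY))
```

A file that lists only `pub`/`sub` records is a public-key export and cannot be used to restore your ability to decrypt.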