Create, sign, and publish your PGP key with Seahorse
I have espoused encryption on Ghacks plenty of times. I find most users do not employ encryption, of any kind, which is somewhat surprising given the constant rate at which data is stolen. With the help of encryption your data is much safer than it would be in plain text. To deal with encryption you have to use encryption keys.
This means you will be giving keys to, and getting keys from, various people (or, within a business, different departments). If the number of keys you manage gets too large, key management can become rather challenging. Fortunately there are tools out there to aid you in this task.
One such tool is Seahorse. Seahorse is the default keyring manager for the GNOME desktop and it makes the task of key management quite simple. In this article you will see how easily Seahorse handles creation, signing, and publishing of your PGP key to a PGP keyserver.
Of course this does assume you want to publish your key on a public keyserver. There are benefits to publishing your PGP key. For instance, it makes for easy access to your key so that those who need it can get it. In some cases you would want to publish these keys to a non-public keyserver. For the simplicity of this article we will be publishing to the Ubuntu keyserver.
Seahorse contains a number of outstanding features:
- Create/manage both PGP and ssh keys.
- Publish/retrieve keys from keyserver.
- Key backup.
- Passphrase caching.
But the feature that makes Seahorse stand out the most is its user-friendly interface. A task which other applications can make new users shy away from, Seahorse makes simple. You can create, sign, and publish your own keys to a keyserver quickly and easily.
More than likely Seahorse is already installed on your machine. If you are using the GNOME desktop, chances are it is there. To check to see if Seahorse is installed go to the GNOME Applications menu and look in the Accessories sub-menu. If it's there you're good to go. If not, you don't have much to do.
To install Seahorse all you need to do is follow these steps:
- Fire up your Add/Remove Software tool.
- Search for "Seahorse" (no quotes).
- Mark the entry for installation.
- Click Apply.
That's it. Once Seahorse is installed you are ready to create, sign, and publish.
Creating your PGP key
When the main Seahorse window opens (see Figure 1) the first thing you need to do is click the File menu and then select the New entry. This will open up another window where you can select from one of three keys to create:
- Password Keyring
- Secure Shell Key
- PGP Key
Since we are creating a PGP key, the choice should be obvious. Select PGP and then click the Continue button. The next window is where you fill out your information for your PGP key. All you need to fill out is:
- Full Name
- Email Address
You also have the option of configuring some advanced options such as:
- Encryption type
- Key strength
- Expiration date
I recommend sticking with the defaults unless you have reason to alter one of the above options. You can up the strength of the Key to 4096 bits if you need. Naturally the higher the key strength the longer the creation time as well as the larger the file size. But if strength is important, take it to the max.
Once you have filled out this information, click the Create button. The next window will ask you to set a passphrase for this key. Remember, this key is going on a keyserver so make sure the passphrase is strong. And if you are creating a key with strength in mind, that passphrase should reflect this.
When the key is created it will be listed in your main window. In order to sign this key you simply have to select the key and click the Sign button. If you are going to distribute this key you should certainly sign the key. Why? When you sign (even self-sign) your key, if someone tries to tamper with your key PGP will notify you of the tampering. If you do not sign the key, someone could fairly easily modify your key without you being the wiser. Now with that said, all you need to do to self-sign your key is select the key you want to sign and click the Sign Key button.
Once the key is signed you can then publish your key. To do this click the Remote menu and then select the "Sync and Publish Keys" entry. A new window will open asking what you want to do. The button you want to click is the "Key Server" button. When you click this a new window will open (see Figure 2) where you can select the keyserver you want to use for publishing your keys.
If you are using an internal keyserver (or one that is not listed) click the Add button and enter the appropriate information. Once you select your keyserver click the Close button and you will be back at the window where you selected "Key Servers". Now you want to click the Sync button which will sync your new key.
You can check to make sure your key was uploaded by clicking the Find Remote Keys button, entering the name you used for the key, and clicking Search. If your sync was successful your key will be listed. Now when users need your key you can tell them to grab it from the specific keyserver.
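The self-signature check and the upload check described above can also be done from a terminal, matching on the key's fingerprint rather than on the name. This is an added example, not part of the original article: it parses the colon-format listing printed by `gpg --check-sigs --with-colons`. The helper name check_key is hypothetical, and the key data, names and fingerprint are constructed samples.

```shell
#!/bin/sh
# Added example. Real input comes from:
#   gpg --check-sigs --with-colons "$FPR" | check_key "$FPR"
# check_key EXPECTED_FPR (hypothetical helper; listing on stdin) returns
#   0  fingerprint matches and every user ID has a good self-signature
#   1  primary key fingerprint differs from the expected one
#   2  a user ID has no good self-signature
check_key() {
    awk -F: -v want="$1" '
        $1 == "pub" { keyid = $5; need_fpr = 1; ctx = "pub" }
        $1 == "sub" { ctx = "sub" }
        $1 == "fpr" && need_fpr { fpr = $10; need_fpr = 0 }
        $1 == "uid" { n++; good[n] = 0; ctx = "uid" }
        # field 2 "!" means verified; classes 10-13 certify a user ID
        $1 == "sig" && ctx == "uid" && $5 == keyid &&
            substr($2, 1, 1) == "!" && $11 ~ /^1[0-3]/ { good[n] = 1 }
        END {
            if (toupper(fpr) != toupper(want)) exit 1
            if (n == 0) exit 2
            for (i = 1; i <= n; i++) if (!good[i]) exit 2
        }'
}

# Constructed sample data (not a real key).
FPR=0123456789ABCDEF01234567AAAABBBBCCCCDDDD
HEAD='pub:u:4096:1:AAAABBBBCCCCDDDD:1700000000:::u:::scESC:
fpr:::::::::0123456789ABCDEF01234567AAAABBBBCCCCDDDD:
uid:u::::1700000000::::Alice Example <alice@example.org>:
sig:!::1:AAAABBBBCCCCDDDD:1700000000::::Alice Example <alice@example.org>:13x:'
# A user ID whose self-signature does not verify ("-" in field 2).
BAD_UID='uid:-::::1700000500::::Mallory <mallory@example.net>:
sig:-::1:AAAABBBBCCCCDDDD:1700000500::::Alice Example <alice@example.org>:13x:'
SUB='sub:u:4096:1:1111222233334444:1700000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA981111222233334444:
sig:!::1:AAAABBBBCCCCDDDD:1700000000::::Alice Example <alice@example.org>:18x:'
GOOD="$HEAD
$SUB"
TAMPERED="$HEAD
$BAD_UID
$SUB"

printf '%s\n' "$GOOD" | check_key "$FPR" && echo "good listing: accepted"
printf '%s\n' "$TAMPERED" | check_key "$FPR" || echo "tampered listing: rejected"
```

Take the expected fingerprint from your own keyring and run the check against the copy fetched back from the keyserver, since a search by name can return keys that are not yours.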
I hope you can see that using PGP doesn't have to be difficult. In fact, Seahorse makes PGP so simple there is little to no reason not to take advantage of this security tool.