Create PGP public/private certificates using GPG
In this post we will review how to generate a private/public key pair using GPG. By the end of the post we will have created a public key that contains two keys: one key for signing and a subkey for encryption.
We will incorporate the GPG set-up into Cleo Clarify. In our previous example, we showed users how to incorporate SFTP and PGP into a Business Process.
Check GPG version
The GPG version must be version 1.4.5.
Enter the following command to display the version:
gpg --help
gpg (GnuPG) 1.4.5
Copyright (C) 2006 Free Software Foundation, Inc.
Create Public/Private Key
Enter the following command to start generating your key:
gpg --gen-key
Select the type of key
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only) -- SELECT THIS OPTION
Your selection? 5
Select the key size
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits
Select the expiration time
Please specify how long the key should be valid.
0 = key does not expire -- SELECT THIS OPTION
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
Enter user name and email
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Sean Hoppe
Real name: John Doe
Email address: namehere@domain.com
Comment: comment
You selected this USER-ID:
"Your Name < namehere@domain.com >"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
Enter passphrase to protect secret key
You need a Passphrase to protect your secret key.
Enter passphrase: *******
Repeat passphrase: *******
We need to generate a lot of random characters. At this time, just type any characters.
You may see the following message. If you do, follow the instructions and the key generation process will start automatically.
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 284 more bytes)
..+++++
...+++++
gpg: key F767XXX1 marked as ultimately trusted
public and secret key created and signed
gpg: checking the trustdb
gpg: 3 marginal(s) needed. 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0m, 0n, 0f, 1u
pub: 2048R/F709C771 2015-05-27
key fingerprint = BDC2 5293 DB14 XXX D2DA 711C 1234 564A 89RR C771
uid Your Name (your comment) < namehere@domain.com >
Note that this key cannot be used for encryption. You may want to use
the command "--edit-key" to generate a subkey for this purpose.
Key generation is complete. At this point, you have generated a private/public key pair with a public key that can be used for signing purposes. The next step is to add a subkey that will be used for encryption.
Add a Subkey for Encryption
Enter the following command to open the key you just created in the key editor, so the subkey can be added:
gpg --edit-key 'Your Name'
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Secret key is available.
pub 2048R/F767XXX1 created: 2015-05-30 expires: never usage: SC
trust: ultimate validity: ultimate
[ultimate] (1). Your Name (your comment)
Enter the edit-key command
Command> addkey
Key is protected.
Enter the passphrase you specified in step 2
You need a passphrase to unlock the secret key for
user: "Your Name (your comment)
2048-bit RSA key, ID F709C771, created 2015-05-27
Enter passphrase: *******
user: "Your Name (your comment) < namehere@domain.com >"
2048-bit RSA key, ID F767XXX1, created 2015-05-30
Select the type of key
Please select what kind of key you want:
(2) DSA (sign only)
(4) Elgamal (encrypt only)
(5) RSA (sign only)
(6) RSA (encrypt only) -- SELECT THIS OPTION
Your selection? 6
Select the key size
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits
Select the expiration time
Please specify how long the key should be valid.
0 = key does not expire -- SELECT THIS OPTION
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) Y
Really create? (y/N) Y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
You may see the following message. If you do, follow the instructions and the subkey generation process will start automatically.
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 277 more bytes)
..........+++++
......+++++
pub 2048R/F767XXX1 created: 2015-05-30 expires: never usage: SC
trust: ultimate validity: ultimate
sub 2048R/13DA9D02 created: 2015-05-30 expires: never usage: E
[ultimate] (1). Your Name (your comment)
Note, pub is for signing (SC), sub is for encryption (E)
Exit the edit-key editor and save your changes
Command> q
Save changes? (y/N) y
Subkey generation for encryption purposes is complete. The next step is to verify and export the keys.
List Keys
Enter the following command to list the key on your keyring:
gpg -k
/home/yourname/.gnupg/pubring.gpg
--------------------------------
pub 2048R/F757XXX1 2015-05-30
uid Your Name(your comment) < namehere@domain.com >
sub 2048R/13DA9D02 2015-05-30
Export the Public Key in ASCII Format
Enter the following commands to export the public key (including the encryption subkey) to an ASCII-armored file and display it:
gpg --armor --output yourname-pub-sub.asc --export 'Your Name'
cat yourname-pub-sub.asc
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)
-----END PGP PUBLIC KEY BLOCK-----
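A scripted check of the key layout this procedure produces, as an added example that is not part of the original post: it reads the machine-readable listing from `gpg --with-colons --list-keys 'Your Name'` and confirms an RSA sign-only primary key plus a usable RSA encryption subkey. The function name `check_key_layout` and the sample listings (with placeholder key IDs) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify the key layout built above.
# Input: output of `gpg --with-colons --list-keys 'Your Name'` on stdin.
# Colon fields used: 1 record type, 2 validity, 3 bits, 4 algorithm (1 = RSA),
# 12 capabilities (lowercase = the key itself, uppercase = the whole key).
check_key_layout() {
    awk -F: '
        $1 == "pub" {
            pub_seen = 1
            # Primary key: RSA, 2048+ bits, can sign, cannot encrypt itself.
            if ($4 == 1 && $3 >= 2048 && $12 ~ /s/ && $12 !~ /e/) pub_ok = 1
        }
        $1 == "sub" {
            # Subkey: RSA, 2048+ bits, encrypt-capable, not revoked or expired.
            if ($4 == 1 && $3 >= 2048 && $12 ~ /e/ && $2 !~ /^[re]$/) sub_ok = 1
        }
        END {
            if (!pub_seen) { print "FAIL: no public key record"; exit 2 }
            if (!pub_ok)   { print "FAIL: primary key is not RSA sign-only"; exit 1 }
            if (!sub_ok)   { print "FAIL: no usable RSA encryption subkey"; exit 1 }
            print "OK: sign-only primary key with encryption subkey"
        }'
}

# Constructed sample listings; the key IDs are placeholders, not real keys.
UID_FIELD='Your Name (your comment) <namehere@domain.com>'
PUB_PREFIX="pub:u:2048:1:AAAAAAAAAAAAAAAA:2015-05-30:::u:${UID_FIELD}::"
# State right after --gen-key: signing key only.
SAMPLE_SIGN_ONLY="${PUB_PREFIX}scSC:"
# State after addkey: encryption subkey present.
SAMPLE_WITH_SUBKEY="${PUB_PREFIX}scESC:
sub:u:2048:1:BBBBBBBBBBBBBBBB:2015-05-30::::::e:"
# Edge case: the only encryption subkey has been revoked (validity "r").
SAMPLE_REVOKED_SUBKEY="${PUB_PREFIX}scSC:
sub:r:2048:1:BBBBBBBBBBBBBBBB:2015-05-30::::::e:"

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_SIGN_ONLY"      | check_key_layout || true
printf '%s\n' "$SAMPLE_WITH_SUBKEY"    | check_key_layout
printf '%s\n' "$SAMPLE_REVOKED_SUBKEY" | check_key_layout || true
```

Running the same check against the exported file's owner keyring before handing `yourname-pub-sub.asc` to a trading partner catches the case where the export was made before the `addkey` step was saved.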
By: Sean Hoppe on