For Your Eyes Only

Make sure that only your intended recipients can read your e-mail. Here's how to encrypt your messages with PGP.

Cutting Your First Keys

In order to send secret messages back and forth, you and your recipient need two things: the PGP program and a copy of each other's public keys. A public key is a small data file that you give to others so they can send you encrypted messages. Other people need to send you their public keys before you can encrypt messages for them. (Similarly, you must send your public key to others who will be encrypting messages for your retrieval.) Public keys can only encrypt information--they can't unscramble a scrambled message. To do that, you need the private key that is generated in concert with any given public key.

To put it another way, think of your public key as a kind of self-addressed envelope that you give out to other people: It protects the message in transit, and it makes sure that only the intended recipient--you--can open it. (For more information on the ins and outs of encryption, see our "How It Works: Encryption" article.)

PGP's Key Generation Wizard will help you create a public and private key set. The Wizard may appear after the PGP setup program completes; if not (or if PGP requested a reboot), click the PGPtray icon in your system tray (it looks like a padlock) and select PGPKeys. Click Next in the first dialog box, and then enter your full name and e-mail address in the next dialog box. The name and e-mail address you enter here will be permanently associated with this public key, and others will use the information to find your key, so make sure you enter accurate information. Click Next, and then Next again.

The Key Pair Size dialog box asks you to specify how large you want your key to be. Leave the key-size radio button on its default "2048 bits" setting and click Next. The following dialog box will ask you if you want to set an expiration date for this key pair; leave this setting at its default, "Key pair never expires" (in some versions, it's "This key never expires"), and then click Next.

Now PGP asks you to enter a passphrase. Think of this as a very long password. You will need to enter your passphrase every time you want to read encrypted mail sent to you or to encrypt messages for others. Your passphrase must be at least eight characters long, but the longer the phrase, the more secure your messages are. The Passphrase Quality progress bar (directly below the first passphrase field) rates your phrase's strength. Pick a memorable phrase that gets the progress bar at least halfway to the right. When you're finished, click Next twice.

Finally, the program will ask your permission to send your public key to MIT's root key server, an online storehouse of public keys. PGP simply sends your key to the server when you're connected to the Internet. Later, friends or associates who use PGP and want to send you mail can search the MIT root key server using your name or e-mail address to obtain your public key so they can encrypt messages to you. If your Internet connection is active, check the box labeled "Send my key to the root server now." (If you're not connected to the Net, leave the box unchecked; the transfer will take place later.) Click Next, and then Finish.
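The wizard's choices (full name, e-mail address, 2048-bit key, no expiration date, passphrase of at least eight characters) can also be written down as an unattended key-generation request for GnuPG, a different OpenPGP program from the PGP product described here. This is an added example, not part of the original article; it assumes GnuPG 2.1 or later, and the function names, sample identity and sample passphrase are constructed for illustration.

```sh
#!/bin/sh
# Added example: GnuPG stand-in for the Key Generation Wizard choices above.

# Print a GnuPG unattended key-generation request on stdout.
# Arguments: full name, e-mail address, passphrase (the wizard's three inputs).
keygen_params() {
    name=$1 email=$2 pass=$3
    # The article's minimum: a passphrase of at least eight characters.
    if [ "${#pass}" -lt 8 ]; then
        echo "passphrase must be at least eight characters" >&2
        return 1
    fi
    # Reject line breaks, which would smuggle extra parameter lines into the request.
    case "$name$email$pass" in
        *"
"*) echo "line breaks are not allowed in fields" >&2; return 1 ;;
    esac
    # The RSA subkey is the encryption key; without it the pair could only sign.
    cat <<EOF
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: $name
Name-Email: $email
Expire-Date: 0
Passphrase: $pass
%commit
EOF
}

# Create the key pair in a scratch keyring so the demo never touches ~/.gnupg.
generate_demo_key() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg is not installed" >&2; return 1; }
    params=$(keygen_params "$@") || return 1
    home=$(mktemp -d) || return 1
    # The request, passphrase included, reaches gpg on stdin and is never written to disk.
    printf '%s\n' "$params" | gpg --homedir "$home" --batch --pinentry-mode loopback --gen-key
    gpg --homedir "$home" --list-keys
}

# Run as: sh keygen.sh --demo   (constructed sample identity and passphrase)
if [ "${1:-}" = "--demo" ]; then
    generate_demo_key "Alice Example" "alice@example.com" "correct horse battery staple"
fi
```

The sketch stops before any key server upload, and the scratch keyring it creates under the temporary directory holds a real private key that should be deleted after the demo.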
