Key Management

Key Manager - Key Generation

Key Manager lets you generate self-signed, multi-purpose RSA (2048-4096 bit) and DH/DSS (2048-4096/1024 bit) keys that can be used for both signing and encryption. Although shorter key lengths are available in compliance with international standards, Key Manager is pre-set to provide the maximum strength keys currently available. Keys generated using Key Manager are X.509 v3 compliant and may be exported in .asc, .p12 or .p7b formats.

If you do not have a key pair from a Certificate Authority or another OpenPGP application (which you intend to import into FAOPGP) then you will need to generate a key using this facility if you want to digitally sign files, encrypt files for yourself and let others encrypt files for you.


To generate a key:
From Key Manager select the 'Generate Key' icon. The following dialog is displayed:

Generate Self-Signed Key


All the fields (apart from notes) must be completed. The information you enter here is used in the key generation process and will be available to others when you distribute the key. Key Manager remembers the information for the last key generated to reduce the amount of information you need to enter.

Name
Enter a 'friendly name' that is used to identify the key to you or other people. For example, 'Ben Williams'.

Department
Enter your department name (for example, 'Marketing') or line 1 of your address if you are not using this key for an organization.

Address
Enter your organization's name (for example, ArticSoft) or line 2 of your address if you are not using this key for an organization.

City/Town
Enter the City/Town where you or your organization reside.

State/County
Enter your State/County where you or your organization reside.

Country
Select your country from the pull-down list box.

E-mail
Enter your e-mail address.  For example, 'benwilliams@articsoft.com'. Take care to ensure it is correct as it may be used to contact you by the people you send the key to.  FAOPGP always uses this email address (it enters it in the email application TO field) when you encrypt and email files as a single operation.

Valid From
This field is automatically filled in by Key Manager and is the date the key is created.  This field cannot be modified.

Valid To
The date on which this key will cease to be valid.  The system will prompt you with a date one year ahead which you can alter by entering a new date directly in the field or using the button to select a date from the calendar. See 'Guidelines for setting validity dates'.


Notes for this key
You can enter any additional information you want associated with this key. This information is purely for you to help you identify the signing/encryption key. For example, you may want to enter what you intend to use the key for.  You can edit these notes at any time once the key has been added to your keystore. The information you enter here is never exported with the key.


Key Type
 DH/DSS - this generates a key for use with PGP version 5 and above.

 RSA - this generates a key for use with PGP version 7 and above and PKI systems.

If you only intend to communicate with PGP v7 and above users then we suggest you choose the RSA key type.


Key Size
Select a key size from the pull-down box.  Key sizes available are 2048, 3072 and 4096. A longer key size gives increased resistance to hacking and cracking.  However, users should be aware that more processing power will be required with longer key lengths and this may slow down the speed at which files can be decrypted.

NOTE: With DH/DSS the signature key remains at 1024 bits because that's what the standard specifies; only the DH key is lengthened.


Once you have filled in all of the fields, press the Generate button. A message dialog informs you that a key is being generated. You are returned to the Key Manager dialog and your newly generated key is displayed in the 'My Own Keys' tab.


NOTE: All the above fields must be filled in because the international standard requires valid content. You will not generate keys very often so please take the time to enter information correctly. If you have generated a key with incorrect information in it, delete it using Key Manager and generate a new one.

The key generation process creates unique keys based on information supplied by you and random numbers generated by FAOPGP. Therefore, you can generate a key that has exactly the same information as a previous key but it will have a different key value and hence be a unique key.
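
The uniqueness described above can be reproduced outside FAOPGP. The following is an added example, not ArticSoft's code: it uses the OpenSSL command line instead of Key Manager, the mapping of the dialog fields onto certificate subject attributes is an assumption, and the city, state and country values are constructed.

```shell
#!/bin/sh
# Added example (not FAOPGP code): generate two self-signed RSA keys from
# identical subject information and show that the key values still differ.
umask 077   # private key files are created readable by the owner only

# Constructed sample identity. Assumed mapping of the dialog fields:
# Name=CN, Department=OU, Address=O, City/Town=L, State/County=ST, Country=C.
SUBJ='/CN=Ben Williams/OU=Marketing/O=ArticSoft/L=Exampletown/ST=Exampleshire/C=GB/emailAddress=benwilliams@articsoft.com'

# gen_key DIR BITS DAYS: write key.pem and a self-signed cert.pem into DIR.
# -nodes leaves the private key unencrypted so the demo runs unattended;
# omit it for a real key so that OpenSSL prompts for a passphrase.
gen_key() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey "rsa:$2" -nodes -sha256 -days "$3" \
        -subj "$SUBJ" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# subject_of DIR: the identity information stored in the certificate.
subject_of() { openssl x509 -in "$1/cert.pem" -noout -subject; }

# pubkey_hash DIR: SHA-256 over the public key, i.e. the key value itself.
pubkey_hash() { openssl x509 -in "$1/cert.pem" -noout -pubkey | openssl dgst -sha256; }

WORK=$(mktemp -d) || exit 1
gen_key "$WORK/first" 2048 365 || exit 1
gen_key "$WORK/second" 2048 365 || exit 1

echo "first  subject: $(subject_of "$WORK/first")"
echo "second subject: $(subject_of "$WORK/second")"
echo "first  key:     $(pubkey_hash "$WORK/first")"
echo "second key:     $(pubkey_hash "$WORK/second")"

rm -rf "$WORK"
```

The two subject lines are identical while the two key hashes differ, because each run draws fresh random numbers for the key pair.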