Finally, you'll need to specify a pass phrase for your private key.
This pass phrase is what protects your private key from exposure on
your local machine. If you were wondering how you were supposed to
remember a 1,024-bit key, the short answer is you don't. The private
key is encrypted using your pass phrase, and the encrypted string is
added to the key ring. Key point: don't forget your pass phrase, or
you'll have to create new public keys and go through the distribution
process again. Similarly, don't choose a trivial pass phrase, or
interested parties will crack open your private key and use it to
decipher your incoming messages.
Now that you have created a key, you can give it to friends and family.
The easiest way to do this is to extract the key from your public key ring:
huey% pgp -kx stern mykey
This pulls the key for user ID stern out of the public key ring, and
writes it into mykey.pgp (the extension is filled in for you by
PGP). Put this file on a floppy and give a copy to anyone wishing to
send you encrypted files or mail. Hopefully, they'll exchange their
public keys with you as well so you can reciprocate. If you want to
send the public key via e-mail, extract it in ASCII armor:
huey% pgp -kxaf stern mykey | mail email@example.com
If you take a look at the key file, it's merely the public part of
your key represented in ASCII, with an ASCII PGP wrapper around it:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzEHJg0AAAEEAK64kFTWbJEUabpYbNplqkQWppFovgm2h1SiBjvUPqBiTJxL
8CCB2wPaOi13yDHEX0hUPS1SwUnT/azGMSfs6ClHE1/VJ4rUrgq3/QvJqbLIX7zB
KV2mnvKh5RsbmTXGgp5Ndu2A8aCHB/4LNva3JCzgIgHGZNgLGp+BYWW7p+VBAAUR
tCBMb3UgU2Nod2FydHogPGxvdUB3b3JsZC5zdGQuY29tPg==
=uMh6
-----END PGP PUBLIC KEY BLOCK-----
When Pepe gets the file, he saves the message in a file and
adds the public key to his key ring:
huey% pgp -ka hiskey.asc
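Before adding a key that arrived by e-mail to a ring, it is worth seeing what the armor actually wraps. The Python below is an added example, not code from this article or from PGP: it strips the wrapper from the key block shown above, checks the 24-bit CRC carried on the "=uMh6" line, and reads the version 3 public key packet and the user ID packet that PGP 2.6 writes (old-format packet headers and the v3 key layout as described in RFC 4880; the parser is my own and handles only that layout).

```python
import base64
ARMORED_KEY = """-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzEHJg0AAAEEAK64kFTWbJEUabpYbNplqkQWppFovgm2h1SiBjvUPqBiTJxL
8CCB2wPaOi13yDHEX0hUPS1SwUnT/azGMSfs6ClHE1/VJ4rUrgq3/QvJqbLIX7zB
KV2mnvKh5RsbmTXGgp5Ndu2A8aCHB/4LNva3JCzgIgHGZNgLGp+BYWW7p+VBAAUR
tCBMb3UgU2Nod2FydHogPGxvdUB3b3JsZC5zdGQuY29tPg==
=uMh6
-----END PGP PUBLIC KEY BLOCK-----"""  # the block printed above, re-joined onto its lines (constructed input)

def crc24(data: bytes) -> int:
    # OpenPGP armor checksum (RFC 4880 section 6.1), the same CRC-24 that PGP 2.x wrote.
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def parse_armor(text: str) -> dict:
    # Strip the ASCII wrapper, decode the base64, verify the CRC, then walk the packets.
    lines = text.strip().splitlines()
    if not (lines[0].startswith("-----BEGIN PGP") and lines[-1].startswith("-----END PGP")):
        raise ValueError("not an armored PGP block")
    blank = lines.index("")                        # armor headers end at the first blank line
    headers = dict(h.split(": ", 1) for h in lines[1:blank])
    data = base64.b64decode("".join(lines[blank + 1:-2]))    # base64 body, up to the "=uMh6" CRC line
    crc_ok = crc24(data) == int.from_bytes(base64.b64decode(lines[-2][1:]), "big")
    info = {"headers": headers, "crc_ok": crc_ok, "packet_bytes": len(data)}
    pos = 0
    while pos < len(data):                         # old-format packet headers, as PGP 2.x writes them
        tag, ltype = (data[pos] >> 2) & 0x0F, data[pos] & 0x03
        if data[pos] & 0xC0 != 0x80 or ltype == 3:
            raise ValueError("unsupported packet header at offset %d" % pos)
        lsize = (1, 2, 4)[ltype]
        length = int.from_bytes(data[pos + 1:pos + 1 + lsize], "big")
        body = data[pos + 1 + lsize:pos + 1 + lsize + length]
        pos += 1 + lsize + length
        if tag == 6 and body[0] == 3:              # v3 public key: time(4) validity(2) algo(1) MPI n, MPI e
            nbits = int.from_bytes(body[8:10], "big")
            nlen = (nbits + 7) // 8
            ebits = int.from_bytes(body[10 + nlen:12 + nlen], "big")
            info.update(created=int.from_bytes(body[1:5], "big"), algorithm=body[7], modulus_bits=nbits,
                        exponent=int.from_bytes(body[12 + nlen:12 + nlen + (ebits + 7) // 8], "big"))
        elif tag == 13:                            # user ID packet: the name this key claims to belong to
            info["user_id"] = body.decode("latin-1")
    return info
```

crc_ok only says whether the base64 survived transcription intact; the user ID it reports is whatever the key's creator typed, and nothing in the block lets the recipient check it, which is the gap the section on trust below addresses.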
PGP also has several options for managing keys, allowing you to edit
your user name or pass phrase and to check (examine) keys in any ring.
Personal exchange gives you a high degree of confidence in the keys.
Unless you have a malicious identical twin, someone receiving a floppy
from you can rest assured that it contains your valid public key.
Trading floppies in coffee shops is nice, but it's unlikely you'll be
able to personally meet people from all over the world. If you need to
rely on e-mail distribution, you need some additional guarantees that
the keys you're getting are valid.
Practically safe hex: trust and validity