How to Create a PGP Key Pair on a Mac in ASCII format
To create a PGP public-private key pair in ASCII format on a Mac, you can use GnuPG (GPG), a widely-used implementation of the OpenPGP standard. Here’s a step-by-step guide to help you create the key pair:
Install GnuPG (GPG)
If you haven’t installed GPG already, you can use Homebrew, a package manager for macOS. To install Homebrew, open Terminal and paste the following command:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
After Homebrew is installed, use it to install GPG by running the following command:
brew install gnupg
Installation might take a while, but you can watch the progress in the terminal window as the dependent packages are installed.
Create the PGP Key Pair
Now with the tools installed on your Max, in Terminal, run the following command to begin a wizard that will walk you through creating your PGP key pair:
gpg --full-generate-key
RSA is more common, but ECC, the default, provides greater security for the same key size as RSA. Here however, I demonstrate with RSA.
Please select what kind of key you want:
(1) RSA and RSA
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(9) ECC (sign and encrypt) *default*
(10) ECC (sign only)
(14) Existing key from card
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Next, select your key size. Larger keys provide greater security. I chose 4096 as that was the requirement for the SFTP service I was setting up.
Next, specify if the key should expire, and if so, when. I chose to allow the key never to expire.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
Provide your name, email, and an optional comment,
Real name: Let It Byrne LLC
Email address: administrator@letitbyrne.com
Comment: SFTP PGP Key Pair
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
Create a strong passphrase to protect your private key.
┌──────────────────────────────────────────────────────┐
│ Please enter the passphrase to │
│ protect your new key │
│ │
│ Passphrase: ________________________________________ │
│ │
│ <OK> <Cancel> │
└──────────────────────────────────────────────────────┘
Export your keys in ASCII format
After generating the key pair, you might need to export the public and private keys in ASCII format, also known as “armored” format. To do this, first find your key ID by listing your keys with the following command:
gpg --list-keys
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
pub rsa4096 2023-04-20 [SC]
8F14203799B5D6F12341222B61CA62618FG20DC2
uid [ultimate] Let it Byrne, LLC.
sub rsa4096 2023-04-20 [E]
Your key ID is the long character string on the second line of the pub entry, 8F14203799B5D6F12341222B61CA62618FG20DC2, in this example.
Export your public key with the following command, replacing “ABC12345” with your actual key ID and “public_key.asc” with your desired file name:
gpg --armor --output public_key.asc --export ABC12345
- Export your private key with the following command, replacing “ABC12345” with your actual key ID and “private_key.asc” with your desired file name:
gpg --armor --output private_key.asc --export-secret-keys ABC12345
Now you have your PGP public and private keys in ASCII format, stored in the “public_key.asc” and “private_key.asc” files, or whatever you named them.
Make sure to keep your private key secure and share only your public key with others who need to encrypt messages sent to you.