Generate Email Encryption Public Key

Public and private key pairs lie at the core of what is referred to as public key cryptography. Together, they work to secure and authenticate messages. They also lie behind how we authenticate messages at PreVeil.
We often find ourselves explaining the concepts of how these keys work when we talk to prospective clients. So, we thought it would be helpful to discuss what these keys are, what they aren’t and how they work.
The answers below provide a general overview on public and private key pairs rather than an architectural overview of PreVeil. For a detailed understanding of how public-private key pairs work in PreVeil, please review our architectural whitepaper.


Public key vs. private key



The main difference between a public and a private key is their use. The public key, as its name implies, is public and open to anyone in the system. The public key is used to encrypt data.
The private key, however, is private. It is only ever stored on the user’s device. The private key is used to decrypt data.


Public key is used to convert the message to an unreadable form. Private key is used to convert the received message back to the original message. Both these keys help to ensure the security of the exchanged data. A message encrypted with the public key cannot be decrypted without using the corresponding private key.

Generating public private key pairs


The public and private key are not really keys but rather are really large prime numbers that are mathematically related to one another. Being related in this case means that whatever is encrypted by the public key can only be decrypted by the related private key.


A person cannot guess the private key based on knowing the public key. Because of this, a public key can be freely shared. The private key however belongs to only one person.
There are several well-known mathematical algorithms that are used to produce the public and private key. Some well-respected examples of public private key encryption are RSA, DSS (Digital Signature Standard) and various elliptic curve techniques. At PreVeil, we use elliptic-curve cryptography’s Curve-25519 and NIST P-256.

Can a public key decrypt a private key?


In asymmetric cryptography, the public and private key can also be used to create a digital signature. A digital signature assures that the person sending the message is who they claim to be.
Typically, we use the recipient’s public key to encrypt the data and the recipient then uses their private key to decrypt the data. However, using this scheme, there’s no way to authenticate the source of the message. Mike could get a hold of Bob’s public key (since it’s public) and pretend that Bob is the person sending a message to Alice.
To prevent this type of fraud, Bob can sign his message with a digital signature. Digital signatures ensure Mike can’t pretend that he is Bob by using Bob’s public key to send a message to Alice.


To create a digital signature using a public and private key, Bob digitally signs his email to Alice using his private key. When Alice receives the message from Bob, she can verify the digital signature on the message came from Bob by using his public key. As the digital signature uses Bob’s private key, Bob is the only person who could create the signature.
PreVeil’s method for securing messages is a bit more complex than the example provided above. However the example provides a good general overview for how asymmetric encryption works.

How public and private keys work



Public and private keys work together in pairs. As noted above, public keys are disseminated widely and private keys are known only to the owner.
Here’s an example of how the public and private key pair works together:
Bob wants to send Alice an encrypted email. To do this, Bob takes Alice’s public key and encrypts his message to her. Then, when Alice receives the message, she takes the private key that is known only to her in order to decrypt the message from Bob and reads it.


Although the companies owning the server might try to read the message, they will be unable to because they lack the private key to decrypt the message. Only Alice will be able to decrypt the message as she is the only one with the private key.
When Alice wants to reply, she simply repeats the process, encrypting her message to Bob using Bob’s public key.

Examples of public private key encryption


Many protocols like SSH, OpenPGP, S/MIME, and SSL/TLS rely on asymmetric cryptography for encryption and digital signatures. It is also used in software programs, such as browsers, to establish secure connections over an insecure network like the internet.

PreVeil is one example platform that uses public and private keys to encrypt data and create digital signatures. Other well-known applications that use public and private keys to secure messages are WhatsApp and Signal.

Business benefits of public private key encryption


By using a public and private key for encryption and decryption, recipients can be confident that the data is what the sender says it is. The recipient is assured of the confidentiality, integrity and authenticity of the data.
Confidentiality is ensured because the content that is secured with the public key can only be decrypted with the private key. This ensures that only the intended recipient can ever review the contents.
Integrity is ensured because part of the decryption process requires checking that the received message matches the sent message. This ensures that the message has not been changed in between.
Authenticity is ensured because each message sent by Alice to Bob is also signed by Alice’s private key. The only way to decrypt Alice’s private key is with her public key, which Bob can access. By signing the message with her private key, Alice ensures the authenticity of the message and shows that it really did come from her.

Conclusion


Interested in reading more about public private keys? Look at our articles on:
End-to-end encryption
Email encryption
Or watch our video on how public and private keys secure enterprise email:

Written by Linode

What is GnuPG?

GNU Privacy Guard (GnuPG), also known as GPG, is a tool for secure communication that was created by Werner Koch as Free Software under the GNU Project. GnuPG follows the OpenPGP protocol, which defines and standardizes all the necessary components involved in sending encrypted messages: signatures, private keys, and public key certificates. This piece of free software is notably used by journalists around the world to ensure that their sensitive email communication is kept secure and private.

GPG uses a combination of symmetric-key cryptography and public-key cryptography. Public key cryptography is likely already familiar to you since it is the recommended way to authenticate when SSHing into your Linode. Public-key cryptography uses a key-pair system where any single user has a private and public key pair. The public key can be shared with anyone, while the private key should be protected and secret to maintain the integrity of the system.

This asymmetric cryptographic system is ideal for secure communication, because all it requires is that the sender of the message have a copy of the receiver’s public key before encrypting and sending the message. The recipient can then use their private key to decrypt the message. This means anyone can send you a secure message if they have a copy of your public key.

This guide shows how to create your own keypair, distribute the public key to a receiver, and encrypt and decrypt a message on Ubuntu 16.04 and 18.04.

Create GPG Keys

  1. Download and install the most recent version of the GPG command line tools for Ubuntu:

  2. Create a new primary keypair:

    Several prompts will appear before the keypair is generated:

    • Select (1) RSA and RSA (default) for the type of key.
    • Enter 4096 for the key size.
    • Specify the duration the key should be valid in days, weeks, months, or years. For example, 1y will set an expiration date of one year from the time of keypair creation.
    • Enter a name, email address, and comment to associate with the key pair. Any one of these three values can be used to identify the keypair for future use. Enter the desired information for each value and confirm when prompted.
    • Provide a passphrase. The passphrase is used to unlock the private key, so it is important to ensure the passphrase is strong. Use a mix of alphanumeric characters.

    Once you have responded to all prompts, the keypair will be generated. This may take a few minutes to generate depending on the key size that was chosen.

    If your system seems to hang at the following message:

    The system may require more entropy to generate the keypair. In a new shell session, install the rng-utils package:

    • Check and feed random data from an entropy source (e.g. hardware RNG device) to an entropy sink (e.g. kernel entropy pool) to provide the needed entropy for a secure keypair to be generated:

    • Check the amount of entropy available on your Linode. The value should be somewhere near 3000 for keypair generation.

  3. Verify the keys on your public keyring:

    The example output contains two public keys:

    Each value in the list represents the following information:

    • Public key: pub
    • Key size and type: 4096R
    • Short key ID: A11C0F78
    • Creation date: 2018-08-02
    • Expiration date: [expires: 2018-09-01]
    • User IDs: exampleName2 (example comment) <[email protected]>
    • Subkey: sub

Throughout the remainder of this guide, the first public key will be used to encrypt our message. The output may vary slightly depending on the version of Ubuntu you are using.

Generate a Revocation Certificate

A revocation certificate is useful if you forget your passphrase or if your private key is somehow compromised. It is used to notify others that the public key is no longer valid. Create the revocation certificate immediately after generating your public key.

Generate a revocation certificate. Replace [email protected] with the email address associated with the public key:

  • A prompt will ask you to select a reason for the revocation and provide an optional description. The default reason is recommended.
  • The revocation certificate will be saved to the current directory as a file named revoke.asc. Save the certificate to a safe location on a different system so that you can access it in case your key is compromised in the future.

Once you’ve revoked a public key it cannot be used to encrypt future messages to you. It can still be used to verify signatures that you made in the past and to decrypt past messages sent to you.

Exchange Public Keys

You will need to exchange public keys with someone in order to securely communicate with them. If you do not want to make your key available on a key server, you can exchange keys with someone directly by exporting your public key and sending it directly to the recipient.

Export Your Public Key


  1. Export the public key. Replace public-key.gpg with a desired name for the file and [email protected] with the email address associated with your key’s user id:

    The file will save to the current directory.

  2. Send the public-key.gpg file to the recipient in an email or copy and paste the contents of the public-key.gpg file.

  3. The recipient should import the public key and validate it in order to use it to decrypt a message sent by you.

Import and Validate a Public Key

You can add someone else’s public key to your public keyring by importing it. The user’s public key must first be sent to you, by email or some other means, before you can import it to your public keyring. When the key is imported you should verify the key by checking its fingerprint and then signing it.

  1. Once you’ve received the user’s public key and the .gpg file is saved to your Linode, import it to your public key ring. Replace public-key.gpg with the file name of the public key you will import. If your file is saved somewhere other than the current directory, make sure you use the full path to the file:

  2. Verify that the public key has been added to your public key ring:

  3. Check the key’s fingerprint:

    The output will resemble the following:


    Ask the owner of the public key to send you their public key’s fingerprint and verify that the fingerprint values match. If they match, you can be confident that the key you have added is a valid copy of the owner’s public key.

  4. When you have verified the public key’s fingerprint, sign the public key with your own key to officially validate it. Replace [email protected] with the associated email for the key you are validating:

    Enter your passphrase when prompted.

  5. View the public key’s signatures to verify that your signature has been added:

  6. You can export the signature to the public key and then send the signed copy back to the owner of the public key to boost the key’s level of confidence for future users:

    Send the signed key to the public key owner via email so they can import the signature to their GPG database.
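The key creation, export, import, fingerprint check and key-signing steps above, run end to end in two throwaway keyrings. This is an added example, not part of the Linode guide; it assumes GnuPG 2.1+ is installed as `gpg`, and the names and addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the Linode guide). Alice creates a key, exports it;
# Bob imports it, checks the fingerprint, then signs it. GnuPG 2.1+ assumed.
set -eu

ALICE_HOME=$(mktemp -d)   # keyring of the key owner
BOB_HOME=$(mktemp -d)     # keyring of the person importing the key
chmod 700 "$ALICE_HOME" "$BOB_HOME"

# Non-interactive equivalent of the guide's `gpg --gen-key` prompts. The
# passphrase is empty only because these are disposable demo keys.
gen_key() {  # $1 = GNUPGHOME, $2 = user id
  GNUPGHOME=$1 gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-gen-key "$2" default default 1y 2>/dev/null
}

# 40-hex-digit fingerprint of the primary key matching an email address.
fingerprint() {  # $1 = GNUPGHOME, $2 = email
  GNUPGHOME=$1 gpg --batch --with-colons --fingerprint "$2" \
      | awk -F: '$1=="fpr" {print $10; exit}'
}

# Succeeds if the key with fingerprint $2 carries a signature by long key id $3.
signed_by() {  # $1 = GNUPGHOME, $2 = fingerprint, $3 = signer's long key id
  GNUPGHOME=$1 gpg --batch --with-colons --list-sigs "$2" \
      | awk -F: -v k="$3" '$1=="sig" && $5==k {found=1} END {exit !found}'
}

gen_key "$ALICE_HOME" "Alice <alice@example.com>"
gen_key "$BOB_HOME"   "Bob <bob@example.com>"

# Alice exports her public key, ASCII-armored so it can be pasted into mail.
GNUPGHOME=$ALICE_HOME gpg --batch --armor --export alice@example.com \
    > "$BOB_HOME/public-key.asc"

# Bob imports it and compares the imported fingerprint with the one Alice
# reads to him over a separate channel (here taken straight from her keyring).
GNUPGHOME=$BOB_HOME gpg --batch --quiet --import "$BOB_HOME/public-key.asc" 2>/dev/null
IMPORTED=$(fingerprint "$BOB_HOME" alice@example.com)
EXPECTED=$(fingerprint "$ALICE_HOME" alice@example.com)
[ "$IMPORTED" = "$EXPECTED" ] || { echo "fingerprint mismatch: do not sign"; exit 1; }

# Only after the fingerprints match does Bob certify (sign) Alice's key.
GNUPGHOME=$BOB_HOME gpg --batch --quiet --quick-sign-key "$IMPORTED" 2>/dev/null
BOB_KEYID=$(fingerprint "$BOB_HOME" bob@example.com | cut -c 25-40)
if signed_by "$BOB_HOME" "$IMPORTED" "$BOB_KEYID"; then
  echo "Alice's key $IMPORTED is now signed by Bob ($BOB_KEYID)"
fi
```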

Submit Your Public Key to a Key Server

You can submit your public key to a GPG key server to make it available to the general public. The GnuPG configuration file ~/.gnupg/gpg.conf by default sets the key server as hkp://keys.gnupg.net and provides examples of other key servers that can be used in the file’s comments. Since key servers around the globe synchronize their keys to each other it should not be necessary to change the default value set in the configuration file.

  1. Find the long key ID for the public key you would like to send to the key server:

    You will see an output similar to the example. The long key ID is the value after the key size 4096R in the pub row. In the example the long key ID is C7277DE1A11C0F78:

  2. To send your public key to the default key server use the following command and replace keyid with your public key’s long key ID:

  3. Anyone can request your public key from the key server with the following command:

    The public key will be added to the user’s trust database using the trustdb.gpg file.

Encrypt a Message

After you have obtained someone’s public key, you can send them encrypted messages. When you are encrypting a message to send to someone, you are using their public key to encrypt the message. Only the holder of the corresponding private key will be able to decrypt the message.


To encrypt a message:

Replace encrypted-doc.gpg with a name for the encrypted version of your document, [email protected] with the email associated with the public key of the encrypted message’s recipient, [email protected] with your own public key’s associated email and doc-to-encrypt.txt with the name of the document you will encrypt. If the document is not in the current directory, include the full path to the document.

The extension .gpg is used for encrypted/binary data and .asc or .sig is used for detached or clearsign signatures. Including the --armor flag writes the encrypted message as ASCII-armored plain text instead of binary.

Decrypt a Message

A message will need to have been encrypted with your public key for you to be able to decrypt it with your private key. Ensure that anyone that will be sending you an encrypted message has a copy of your public key.

To decrypt a message:

Replace decrypted-doc with the name you want to assign to the decrypted message and doc-to-decrypt.gpg with the name of the encrypted document. If the document is not in the current directory, include the full path to the document.
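The encrypt and decrypt steps above, run end to end; the same script also plays out the Bob, Alice and Mike exchange from the first half of this page: Bob encrypts and signs a message to Alice, Alice decrypts it and checks who signed it, and Mike, who holds only public keys, cannot decrypt it. This is an added example, not part of the Linode guide; it assumes GnuPG 2.1+ is installed as `gpg`, and the names, addresses and message are constructed.

```shell
#!/bin/sh
# Added example (not from the Linode guide): encrypt+sign as Bob, decrypt+verify
# as Alice, and a failed decryption by Mike. Assumes GnuPG 2.1+.
set -eu
ALICE=$(mktemp -d); BOB=$(mktemp -d); MIKE=$(mktemp -d)

gen_key() {  # $1 = GNUPGHOME, $2 = user id; disposable key, so no passphrase
  GNUPGHOME=$1 gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-gen-key "$2" default default 1y 2>/dev/null
}
export_to() {  # $1 = source GNUPGHOME, $2 = email, $3 = destination GNUPGHOME
  GNUPGHOME=$1 gpg --batch --export "$2" | GNUPGHOME=$3 gpg --batch --quiet --import 2>/dev/null
}
fingerprint() {  # $1 = GNUPGHOME, $2 = email
  GNUPGHOME=$1 gpg --batch --with-colons --fingerprint "$2" | awk -F: '$1=="fpr" {print $10; exit}'
}
gen_key "$ALICE" "Alice <alice@example.com>"
gen_key "$BOB"   "Bob <bob@example.com>"
gen_key "$MIKE"  "Mike <mike@example.com>"

# Public keys are exchanged (the export/import steps of this guide); private
# keys never leave their owner's keyring. Mike gets Alice's public key too.
export_to "$ALICE" alice@example.com "$BOB"
export_to "$BOB"   bob@example.com   "$ALICE"
export_to "$ALICE" alice@example.com "$MIKE"

printf 'Meet at noon.\n' > "$BOB/doc-to-encrypt.txt"

# Bob: encrypt to Alice's public key (and his own, so he can reread it) and
# sign with his private key. --trust-model always stands in for the
# fingerprint check and key signing done in the import step.
GNUPGHOME=$BOB gpg --batch --quiet --trust-model always --armor \
    --recipient alice@example.com --recipient bob@example.com \
    --output "$BOB/encrypted-doc.asc" --encrypt --sign "$BOB/doc-to-encrypt.txt" 2>/dev/null

# Decrypt with whatever private keys keyring $1 holds; fails if none fits.
decrypt_as() {  # $1 = GNUPGHOME, $2 = ciphertext file
  GNUPGHOME=$1 gpg --batch --quiet --trust-model always --decrypt "$2" 2>/dev/null
}
# Fingerprint of the key whose signature on the ciphertext verified (taken
# from gpg's VALIDSIG status line); prints nothing if no signature verified.
signer_of() {  # $1 = GNUPGHOME, $2 = ciphertext file
  GNUPGHOME=$1 gpg --batch --status-fd 1 --trust-model always \
      --output /dev/null --decrypt "$2" 2>/dev/null | awk '$2=="VALIDSIG" {print $3}'
}

PLAIN=$(decrypt_as "$ALICE" "$BOB/encrypted-doc.asc")
SIGNER=$(signer_of "$ALICE" "$BOB/encrypted-doc.asc")
if [ "$SIGNER" = "$(fingerprint "$ALICE" bob@example.com)" ]; then
  echo "Alice read: $PLAIN (signature verified as Bob's)"
fi
if decrypt_as "$MIKE" "$BOB/encrypted-doc.asc" >/dev/null; then
  echo "Mike decrypted it?!"; else echo "Mike cannot decrypt it: no matching private key"; fi
```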

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.


This guide is published under a CC BY-ND 4.0 license.