Skip to content
DevNursery.com - New Web Developer Docs
GitHub

SSH & GPG

SSH Keys: An Introduction

SSH (Secure Shell) keys are a pair of cryptographic keys used for secure communication and authentication between two computers over a network. These keys provide a higher level of security compared to traditional password-based authentication.

There are two types of SSH keys:

Public Key: This key is shared with other parties or remote servers. It is used to encrypt data or verify digital signatures created with the associated private key.

Private Key: This key is kept confidential and should never be shared. It is used to decrypt data encrypted with the corresponding public key and to sign data for authentication purposes.

Creating SSH Keys on the Command Line

To create SSH keys on the command line, you can use the ssh-keygen tool, which is commonly available on Unix-like operating systems. Here’s how you can create SSH keys with various options:

Generating a Default SSH Key Pair:

The following command generates an RSA key pair (the most common type) with default settings:

ssh-keygen

This command will prompt you to choose a location for the keys (typically ~/.ssh/id_rsa), and optionally, set a passphrase for added security. You can press Enter to use the default location and leave the passphrase empty for no passphrase.

Specifying Key Type and Length:

You can specify the key type (RSA, DSA, ECDSA, or Ed25519) and length (e.g., 2048, 4096) using the -t and -b options:

ssh-keygen -t rsa -b 4096

Setting Output File:

Use the -f option to specify a custom filename for your key pair:

ssh-keygen -f ~/.ssh/my_key

Adding a Passphrase:

To add a passphrase to your private key for added security, use the -P option. You will be prompted to enter the passphrase:

ssh-keygen -t rsa -b 4096 -P

Choosing Key File Format:

By default, ssh-keygen generates keys in OpenSSH format. If you need a different format, use the -m option:

ssh-keygen -t rsa -b 4096 -m PEM

Supported formats include RFC4716, PEM, and PKCS8.

Generating Ed25519 Keys:

Ed25519 is a modern and secure elliptic curve key type. To generate Ed25519 keys, use the -t option with ed25519:

ssh-keygen -t ed25519

Specifying Key Comment:

You can add a comment to your key using the -C option. The comment is usually your name or an identifier:

ssh-keygen -t rsa -b 4096 -C "My Key Comment"

Remember to securely store your private key and never share it with others. Your public key can be safely shared with remote servers or other users to enable secure SSH access. Using SSH keys enhances security by eliminating the need for password-based authentication, making it an essential practice for secure system administration and data transfer.

GPG Keys: An Introduction

GPG (GNU Privacy Guard) keys, also known as PGP (Pretty Good Privacy) keys, are cryptographic keys used for securing data, emails, and verifying digital signatures. GPG keys offer a robust way to encrypt sensitive information and ensure the authenticity of digital messages.

There are two primary components of a GPG key pair:

Public Key: This key is meant to be shared openly with others. It is used to encrypt data that can only be decrypted by the holder of the corresponding private key.

Private Key: This key is kept confidential and protected with a passphrase. It is used to decrypt data encrypted with the public key and to digitally sign messages or files.

Creating GPG Keys on the Command Line

To create GPG keys on the command line, you can use the gpg command. Here’s how you can generate GPG keys with various options:

Generating a Default GPG Key Pair:

The following command generates a default GPG key pair with RSA and RSA as the key type and size:

gpg --gen-key

This command will guide you through the key creation process, asking for details like your name, email address, and an optional passphrase to protect your private key.

Specifying Key Type and Size:

You can specify the key type and size using the —gen-key command with options like —gen-key rsa and —gen-key rsa2048:

gpg --gen-key --gen-key rsa2048

Setting Key Expiration:

To set an expiration date for your GPG key, use the —gen-key command with the —expires option:

gpg --gen-key --expires 365d

This example sets the key to expire in 365 days.

Adding a Comment:

You can add a comment or user ID to your GPG key using the —gen-key command with the —comment option:

gpg --gen-key --comment "My GPG Key"

Generating an ECC Key Pair:

If you prefer an elliptic curve key pair, you can use the —gen-key command with the —gen-key cv25519 option:

gpg --gen-key --gen-key cv25519

Creating a Revocation Certificate:

It’s a good practice to create a revocation certificate when generating your GPG key. This certificate allows you to revoke your key if it’s ever compromised. You can generate it using the —gen-revoke command:

gpg --gen-revoke -a "Your Name"

Remember to securely store your private key and the revocation certificate, and keep the passphrase for your private key safe. Your public key can be shared with others to enable secure communication and verify your digital signatures. GPG keys provide a high level of security for data encryption, email communication, and digital signatures, making them an important tool for privacy and authenticity in the digital world.