Manage PGP Keys with PGP Desktop 8.x


Article ID: 153169


Updated On:


Symantec Products


This article describes how to manage PGP keys in PGP Desktop 8.x.


PGP encryption is based on public-key cryptography. In order to use PGP you must create a PGP keypair, which consists of a public key and a private key. Your public key should be given to anyone who wishes to send you encrypted data. Your private key, however, should never be given to others, and its passphrase should be kept totally secret. When someone wishes to send you encrypted data they use your public key to encrypt the data, which changes the data into illegible 'cipher' text.

Once the data is encrypted with your public key, it may only be decrypted by your private key, for which only you know the passphrase. Thus when you want to send someone encrypted data, you use their public key to encrypt the data, which may then only be decrypted by their private key. When data is encrypted with a public key, it is common to say that the data was encrypted 'to' the public key. For more information about public-key cryptography, please refer to the 'Intro to Crypto' document provided with your PGP software (it may be found under Start > Programs > PGP > Documentation).

Note: If you lose your private key or forget its passphrase, you will be unable to decrypt any data which was encrypted to the public portion of your keypair. Therefore it is very important to remember your passphrase and have a back-up copy of your keypair.

Create a PGP keypair  

  1. Open the PGPkeys window (click the gray or gold padlock in your system tray, your PGPtray icon, then click PGPkeys).
  2. To begin creating a new keypair, click the Keys menu, then click New Key.
  3. When the PGP Key Generation Welcome Screen appears, click Next. If you are an experienced user and wish to specify the type, size, or expiration date of your keypair, click the Expert button.
  4. Enter your name and Email address, then click Next.
  5. You may uncheck the Hide Typing button to view your passphrase as you type it. Enter and confirm a passphrase for your private key, then click Next.

    Caution PGP is only as strong as your passphrase, choose a strong passphrase. Your passphrase is case-sensitive. If your passphrase is not 8 characters or longer, you may either click Next on the following screen, or click back to lengthen your passphrase.

  6. After your PGP keypair has been generated, click Next.
  7. To complete the keypair generation, click Finish. You will now see your new keypair in your PGPkeys window, expanded to show your email address and digital signature.

Import a PGP key 

To import PGP key:

  1. Open the PGPkeys window (click the gray or gold padlock in your system tray, your PGPtray icon, then click PGPkeys).
  2. To import a key (or keypair), click the Keys menu, then click Import.
  3. Browse to the key you wish to import, then click Open.
  4. When the Select Keys window appears, make sure the key you wish to import is highlighted, then click the Import button.
  5. If you are importing your own public/private keypair, click OK on the PGP information box.
  6. Right click on the newly-imported keypair, then click Properties.
  7. Click the Implicit Trust checkbox, then click Close.

Change your keyring, or create a new one 

  1. Click the PGPtray icon (gray or gold padlock), then click Options.
  2. Click the Files tab.
  3. To change your current keyrings to a different set of keyrings, type the location of (or browse to) the desired public and private keyring files, then click OK.
  4. To create brand new, and empty, keyring files, simply enter (or browse to) the desired location, then type a name for your new public and private keyring files.
  5. When you click OK, you will be told that the files you specified will be created. Click 'No' twice if you want new and empty keyrings. Click Yes twice if you want to copy your existing keyrings to the new location.