2. Generación de nuestra clave

2.1. Paso a paso

Pues nos ponemos a ello:

	$ gpg --gen-key
	
	  gpg (GnuPG) 1.2.0; Copyright (C) 2002 Free Software Foundation, Inc.
	  This program comes with ABSOLUTELY NO WARRANTY.
	  This is free software, and you are welcome to redistribute it
	  under certain conditions. See the file COPYING for details.

	  gpg: keyring `/home/apmso/.gnupg/secring.gpg' created
	  Please select what kind of key you want:
	  (1) DSA and ElGamal (default)
	  (2) DSA (sign only)
	  (5) RSA (sign only)
	  Your selection? 1
	  DSA keypair will have 1024 bits.
	  About to generate a new ELG-E keypair.
              minimum keysize is  768 bits
              default keysize is 1024 bits
	      highest suggested keysize is 2048 bits
	  What keysize do you want? (1024)
	  Requested keysize is 1024 bits   
	  Please specify how long the key should be valid.
	       0 = key does not expire
	    <n>  = key expires in n days
	    <n>w = key expires in n weeks
	    <n>m = key expires in n months
	    <n>y = key expires in n years
	  Key is valid for? (0)
	  Key does not expire at all
	  Is this correct (y/n)? y
                        
	  You need a User-ID to identify your key; the software constructs the user id
	  from Real Name, Comment and Email Address in this form:
	  "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

	  Real name: Alberto Pesquera Martín
	  Email address: apm@sindominio.net
	  Comment:                      
	  You selected this USER-ID:
	  "Alberto Pesquera Martín <apm@sindominio.net>"

	    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
	  You need a Passphrase to protect your secret key.

	  Enter passphrase: 
	  Repeat passphrase: 

	  We need to generate a lot of random bytes. It is a good idea to perform
	  some other action (type on the keyboard, move the mouse, utilize the
	  disks) during the prime generation; this gives the random number
	  generator a better chance to gain enough entropy.

	  /home/apm/.gnupg/trustdb.gpg: trustdb created
	  fpublic and secret key created and signed.
	  key marked as ultimately trusted.
	  
	  pub  1024D/6DA790AC 2002-12-12 Alberto Pesquera Martín <apm@sindominio.net>
	  Key fingerprint = 0846 8248 DEE5 7E7C FAA7  91B0 AD99 E8DA 6DA7 90AC
	  sub  1024g/EDB53196 2002-12-12
	
      

Con esto ya tenemos una clave gpg para firmar nuestros mensajes de correo electrónico.

2.2. Exportar la clave pública

Para que puedan saber que somos nosotros los que firmamos el mensaje, debemos darles nuestra clave pública. Que es sólamente una parte de nuestro sistema de Firma Digital, de cara a los demas.

Para ello exportamos nuestra clave: gpg --export -a <usuario>

	$ gpg --export -a apm > clave-pub.asc
      

La opción -a sirve para exportar la clave en formato ascii (texto). Y la opción > redirecciona la salida a un archivo (clave-pub.asc); ya que sino la clave pública simplemente aparecería en la pantalla.

Ahora solo queda ponerla disponible al público, bien mediante la página web personal, un anillo de claves, o un servidor de claves.

Se recomienda NO adjuntar la clave pública en los mensajes de correo electrónico, ya que SÓLO genera ruido. A cambio se suele poner un enlace a la misma, y/o la huella dactilar (fingerprint).