Verified by Priya Mervana - Last reviewed: April 2026 | Based on 10+ years of SSL/TLS security research and PKI configuration analysis across enterprise and web environments at SSLInsights.com.
QUICK DEFINITION
A PGP key pair consists of two mathematically linked keys: a public key you share freely so others can encrypt messages to you and verify your signatures, and a private key you keep secret to decrypt those messages and sign your own communications. Data encrypted to the public key can only be decrypted with the matching private key, and a signature made with the private key can only be verified with the matching public key. No one holding only your public key can read your messages.
Source: Priya Mervana, SSLInsights - web security expert, 10+ years
Generating a PGP key pair takes under five minutes on any operating system. Run gpg --full-generate-key in your terminal, choose RSA 4096-bit, set a strong passphrase, and you have a public/private key pair ready for encrypting emails and files. This guide covers the exact steps for Windows, macOS, and Linux, plus what to do with your keys once they exist.
The global email encryption market reached USD 9.34 billion in 2025 and is growing at 15.68% annually, according to the Research and Markets global email encryption forecast (2025). PGP remains a primary technique alongside TLS and S/MIME for organizations that need to secure email at the individual level - outside the enterprise gateway - which starts with generating and protecting a PGP key pair.
What Do You Need Before Generating a PGP Key Pair?
Three things are required before running any command:
- GPG software installed for your OS - Gpg4win for Windows, GPG Suite for Mac, or the gnupg package for Linux
- A strong passphrase - at least 20 characters, not based on dictionary words or personal information
- An email address to associate with the key, which identifies you to anyone who imports it
No registration, no certificate authority, and no cost. The key pair you generate is self-sovereign - it belongs to you, and its authenticity is established by fingerprint verification and by the signatures of people who have verified it, not by a central authority.
In reviewing SSL and encryption configurations across hundreds of web environments at SSLInsights, one consistent finding stands out: practitioners who skip passphrase planning at key generation time are the same practitioners who end up with unprotected private keys. A weak passphrase at the start creates a security debt that compounds every time the key is used.
How to Generate a PGP Key on Windows
Windows users generate PGP keys through Gpg4win, which packages GnuPG with a Windows-native interface and full command-line tools.
- Install Gpg4win - download from gpg4win.org. During setup, confirm the command-line tools are selected alongside the Kleopatra graphical interface.
- Open Command Prompt - press Win + R, type cmd, hit Enter.
- Start key generation:
gpg --full-generate-key
- Select key type and size - choose option 1 (RSA and RSA), then enter 4096 for the key size. As noted in the GnuPG LargeKeys wiki, GnuPG's default moved to 3072-bit RSA from version 2.2.22 onward; choosing 4096 gives a larger security margin for long-lived personal keys.
- Set expiration - type 2y for a two-year validity period (recommended). Pressing Enter accepts the default of 0, which means the key never expires. A key with an expiration date limits exposure if it is ever lost or compromised.
- Enter your identity - type your real name, email address, and an optional comment. This information is embedded in your public key and travels with it wherever the key is published.
- Create your passphrase - choose 20+ characters. This is the only protection on your private key if someone accesses your machine or copies the key file.
- Generate entropy - move your mouse and type randomly if prompted. This randomness seeds the key generation.
- Export your public key (share with others):
gpg --armor --export YOUR_EMAIL
- Back up your private key (store offline, never share):
gpg -o private.key --export-secret-keys YOUR_EMAIL
For long-term key storage on Windows, consider moving private.key to an encrypted USB drive (VeraCrypt works well) kept physically separate from your computer.
How to Generate a PGP Key on macOS
The macOS process uses GPG Suite, which installs cleanly and provides both Terminal commands and a visual keychain manager called GPG Keychain.
- Install GPG Suite - download from gpgtools.org. The suite includes the underlying GPG command-line tools.
- Open Terminal - Finder → Applications → Utilities → Terminal.
- Start key generation:
gpg --full-generate-key
- Choose RSA, option 1, then enter 4096 for the key size.
- Set expiration - press Enter for no expiry, or enter a period like 1y.
- Enter your name and email to identify the key.
- Create a strong passphrase - 20+ characters, not a recognizable phrase.
- Generate entropy by moving your cursor as instructed.
- Export your public key:
gpg --armor --export your.email@address.com
- Back up your private key:
gpg -o private.key --export-secret-keys your.email@address.com
Store the private.key file on an encrypted USB drive kept offline. GPG Keychain provides a visual interface for managing multiple keys, which is useful when handling keys for several email addresses or projects.
How to Generate a PGP Key in Linux
Linux makes PGP key generation straightforward via GnuPG, available in every major distribution's package manager.
- Install GnuPG:
- Debian/Ubuntu:
sudo apt install gnupg
- RedHat/CentOS/Fedora:
sudo dnf install gnupg2
(use yum in place of dnf on older releases)
- Start key generation:
gpg --full-generate-key
- Select RSA, option 1, then 4096 for the key size.
- Enter your name and email.
- Create a strong passphrase.
- Generate entropy by moving your mouse as prompted.
- Export your public key:
gpg --armor --export your.email@address.com > public.key
- Back up your private key:
gpg -o private.key --export-secret-keys your.email@address.com
On older headless Linux servers, entropy generation can stall while the kernel waits to fill /dev/random. Installing haveged (sudo apt install haveged) before key generation supplies randomness without waiting. On kernels 5.6 and newer, /dev/random no longer blocks once the pool has been initialized, so haveged is only needed on older systems.
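The three procedures above are the same gpg commands typed into three different terminals. The script below is an added example (not code from the page, from SSLInsights or from GnuPG) that runs the whole sequence unattended on macOS or Linux using GnuPG's batch parameter file: generate an RSA-4096 key with a two-year expiry, export the public key, back up the secret key with restrictive permissions, and confirm the revocation certificate that GnuPG 2.1 and later writes at creation time. It assumes gpg 2.1 or newer on PATH; "Alice Example" and alice@example.com are placeholder identities and pgp-keygen.sh is an assumed file name.

```sh
#!/bin/sh
# Added example, not from the page or GnuPG: unattended RSA-4096 key
# generation with GnuPG's batch parameter file, then export, backup and
# revocation-certificate checks. Assumes gpg >= 2.1 on PATH.
set -eu

# Print a GnuPG unattended-generation parameter file on stdout.
# No "Passphrase:" line is emitted on purpose: gpg-agent then asks for the
# passphrase through pinentry, so it never touches the shell history or disk.
gen_params() {
  printf '%s\n' \
    "Key-Type: RSA" \
    "Key-Length: 4096" \
    "Subkey-Type: RSA" \
    "Subkey-Length: 4096" \
    "Name-Real: $1" \
    "Name-Email: $2" \
    "Expire-Date: $3" \
    "%commit"
}

# 40-hex-digit fingerprint of the first primary key matching a user ID.
# Later commands use the fingerprint, not the e-mail address, because
# several keys in a keyring can carry the same address.
key_fingerprint() {
  gpg --batch --with-colons --fingerprint "$1" \
    | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Generate the key, export the public half, back up the secret half with
# mode 0600, and copy the auto-generated revocation certificate aside.
generate_and_export() {
  name=$1; email=$2; expire=${3:-2y}; outdir=${4:-.}
  mkdir -p "$outdir"
  gen_params "$name" "$email" "$expire" | gpg --batch --generate-key
  fpr=$(key_fingerprint "$email")
  gpg --armor --export "$fpr" > "$outdir/public.asc"
  # gpg-agent prompts for the passphrase before releasing the secret key.
  ( umask 077; gpg --armor --export-secret-keys "$fpr" > "$outdir/private.asc" )
  # GnuPG 2.1+ writes <fingerprint>.rev under openpgp-revocs.d at creation
  # time; keep a copy off the machine, separate from private.asc.
  rev="${GNUPGHOME:-$HOME/.gnupg}/openpgp-revocs.d/$fpr.rev"
  [ -f "$rev" ] || { echo "no revocation certificate at $rev" >&2; return 1; }
  ( umask 077; cp "$rev" "$outdir/revoke.asc" )
  echo "fingerprint (share this out-of-band): $fpr"
  gpg --fingerprint "$fpr"
}

# Usage: sh pgp-keygen.sh run   (the guard keeps the functions sourceable)
if [ "${1:-}" = "run" ]; then
  generate_and_export "Alice Example" "alice@example.com" 2y ./pgp-backup
fi
```

The parameter file deliberately carries no Passphrase: line. Putting the passphrase in the file or on the command line would leave it in a readable file or in shell history, which defeats the purpose of choosing a 20-character one. The subshell with umask 077 makes sure private.asc and revoke.asc are created readable only by you; move them to an encrypted offline drive afterwards as the sections above describe.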
What PGP Key Size Should You Use - RSA 2048 vs 4096?
RSA 4096 is the right choice for new keys generated today. The performance difference on modern hardware is negligible, and the security margin is meaningfully larger for data that needs to stay protected for years.
NIST Special Publication 800-57 Part 1 Rev. 5 estimates the security strength of RSA key sizes as follows (the 4096-bit row is not in NIST's table; its strength is an interpolated estimate):
| Key Size | Equivalent Symmetric Strength | Secure Through (NIST estimate) |
| --- | --- | --- |
| RSA 2048 | 112-bit symmetric | Acceptable through ~2030 only |
| RSA 3072 | 128-bit symmetric | Beyond 2030 (preferred minimum) |
| RSA 4096 | ~140-bit symmetric (interpolated) | Well beyond 2030 |
RSA 2048 is acceptable only through about 2030, so it is the floor for keys that will be retired before then - not a choice for data that must stay protected afterwards. Since GnuPG 2.2.22, the default shifted to 3072-bit; manually selecting 4096 gives the additional margin documented in the GnuPG LargeKeys wiki.
Should you use ECC instead of RSA for PGP? ECC (specifically Curve25519/Ed25519) produces smaller, faster keys with equivalent or greater security at shorter lengths - a 256-bit ECC key matches a 3072-bit RSA key by NIST estimates. GPG supports ECC keys via option 9 (ECC and ECC) in the key generation menu, and GnuPG 2.3 and later make Ed25519/Curve25519 the default key type. For users generating keys that will be widely distributed or used on constrained devices, ECC is worth evaluating. For most practitioners today, RSA 4096 remains the safe choice because every OpenPGP implementation, including older GPG versions, supports it.

Priya Mervana
Verified Web Security Expert | SSLInsights.com
"The passphrase question is where most people underestimate their real risk. In configurations reviewed at SSLInsights, users routinely choose passphrases under 12 characters - often a name or a word - which provides minimal protection if a key file is ever copied. The mathematical strength of RSA 4096 becomes irrelevant the moment a weak passphrase is cracked. Set 20 characters minimum and construct it from something only you could build."
How to Share and Import PGP Public Keys
Once your key pair exists, you can begin encrypting communications with others by exchanging public keys.
- Get their public key - ask them to export it and send it to you, or search a public keyserver like keys.openpgp.org.
- Import their key into your keyring:
gpg --import their_public_key.txt
- Verify the key fingerprint out-of-band (over a phone call or in person) before trusting it. Compare the full 40-character fingerprint, not the short key ID, and never rely solely on an emailed key without fingerprint verification.
- Encrypt a message to them (add --armor if the result will be pasted into an email body; without it gpg writes binary output to message.txt.gpg):
gpg --encrypt --recipient their.email@address.com message.txt
- Share your public key by exporting it, emailing it directly, or submitting it to a keyserver. Your public key is meant to be public - sharing it widely is correct behavior.
To encrypt email with PGP inside a mail client, Thunderbird's built-in OpenPGP support (available since Thunderbird 78) handles key import and encryption without any plugin. Import your GPG-generated key via Thunderbird's Account Settings → End-To-End Encryption → Add Key. To understand the underlying protocol that makes key exchange secure, the asymmetric encryption guide on SSLInsights covers the math in accessible terms.
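The fingerprint check in the steps above is the step people skip, and it is the only thing standing between you and a key that merely claims an email address. The script below is an added example (not code from the page, from SSLInsights or from GnuPG) of doing it properly: show the fingerprint of a key file without importing it, compare it against the value read out over the phone, and only on an exact 40-hex-digit match import the key, mark it locally verified, and encrypt to it by fingerprint rather than by address. It assumes gpg 2.2 or newer on PATH; their_public_key.asc, message.txt and the fingerprint in the usage line are placeholders.

```sh
#!/bin/sh
# Added example, not from the page or GnuPG: verify an imported public key's
# fingerprint against an out-of-band value before trusting it, then encrypt
# to the verified key by fingerprint. Assumes gpg >= 2.2 on PATH.
set -eu

# Canonical form of a fingerprint as read out over the phone: keep only hex
# digits, upper-cased, so "a1b2 c3d4 ..." and "A1B2C3D4..." compare equal.
normalize_fpr() {
  printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# Succeeds only for an exact match of two full 40-hex-digit fingerprints.
# A 16-digit long key ID or 8-digit short ID is rejected on purpose: they are
# truncations of the fingerprint, and keys with a colliding ID are cheap to
# generate.
fingerprints_match() {
  a=$(normalize_fpr "$1"); b=$(normalize_fpr "$2")
  [ "${#a}" -eq 40 ] && [ "$a" = "$b" ]
}

# Primary-key fingerprints from `gpg --with-colons` output on stdin, one per
# line. Subkey fpr records are skipped: only the primary fingerprint is the
# identity you verified with the other person.
primary_fprs() {
  awk -F: '$1 == "pub" { want = 1; next }
           $1 == "fpr" && want { print $10; want = 0 }'
}

# Show the key's fingerprint without importing, compare, and only on success
# import it and sign it locally (lsign) so gpg stops warning that the key is
# not certified. gpg-agent prompts for your passphrase for the lsign.
verify_and_import() {
  keyfile=$1; expected=$2
  found=$(gpg --batch --with-colons --show-keys "$keyfile" | primary_fprs)
  count=$(printf '%s\n' "$found" | grep -c . || true)
  [ "$count" -eq 1 ] || {
    echo "refusing: $keyfile holds $count primary keys, expected 1" >&2; return 1; }
  fingerprints_match "$found" "$expected" || {
    echo "fingerprint mismatch: file has $found, expected $expected" >&2; return 1; }
  gpg --batch --import "$keyfile"
  gpg --batch --quick-lsign-key "$found"
  printf '%s\n' "$found"
}

# Encrypt to the verified key, selecting it by fingerprint rather than e-mail
# so a second key carrying the same address can never be picked.
encrypt_to() {
  fpr=$(normalize_fpr "$1"); infile=$2
  gpg --batch --armor --encrypt --recipient "$fpr" -o "$infile.asc" "$infile"
}

# Usage: sh pgp-verify.sh run  (fingerprint below is a placeholder)
if [ "${1:-}" = "run" ]; then
  fpr=$(verify_and_import their_public_key.asc \
        "A1B2 C3D4 E5F6 0718 293A 4B5C 6D7E 8F90 0123 4567")
  encrypt_to "$fpr" message.txt
fi
```

Two design choices matter here. First, the key is inspected with --show-keys before --import, so nothing lands in your keyring until the fingerprint has matched. Second, --recipient is given the fingerprint, not the email address: gpg resolves an address to whichever matching key it finds first, and a keyring that has ever imported a look-alike key will silently encrypt to the wrong one.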
How to Set a PGP Key Expiration Date
Setting an expiration date on your PGP key is a best practice, not optional. An expiration date limits the window of exposure if your key is ever lost or compromised without your knowledge. Recipients who find an expired key on a keyserver know immediately that it should not be used - which is more informative than a key that simply disappears.
Should you set a PGP key expiration date? Yes. A one- to two-year validity period is a reasonable default. You can always extend the expiration date before it lapses using gpg --edit-key YOUR_EMAIL, then typing expire at the prompt (or, non-interactively, gpg --quick-set-expire YOUR_FINGERPRINT 2y). This renews the key without generating a new key pair, preserving your existing web of trust. After extending, publish the updated key again: copies already on keyservers and in your contacts' keyrings still carry the old expiry date until they refresh.
How to Revoke a PGP Key
If your private key is compromised or lost, revocation is the only way to signal to the world that the key should no longer be trusted. Generate a revocation certificate at the moment of key creation - before you need it:
gpg --gen-revoke YOUR_EMAIL > revoke.asc
GnuPG 2.1 and later also write one automatically at creation time, under openpgp-revocs.d in your GnuPG home directory, named after the key's fingerprint. Store the certificate offline and separate from your private key: anyone who obtains it can revoke your key. When revocation is needed, import the certificate and publish it to the keyserver you used:
gpg --import revoke.asc
gpg --keyserver keys.openpgp.org --send-keys YOUR_KEY_ID
Anyone who refreshes your key from that keyserver will then see it as revoked. Users who downloaded your public key before revocation will not know unless they refresh - which is why keyserver publication is important.
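Expiry and revocation only work if you act before the date passes and republish after every change. The script below is an added example (not code from the page, from SSLInsights or from GnuPG) of the three lifecycle operations the two sections above describe: list the keys in your keyring that expire within a given number of days, extend a key and all of its subkeys and republish it, and import a stored revocation certificate, confirm gpg now treats the key as revoked, and publish that too. It assumes gpg 2.2 or newer on PATH and keys.openpgp.org as the keyserver; the fingerprints are placeholders.

```sh
#!/bin/sh
# Added example, not from the page or GnuPG: key-lifecycle helpers. Assumes
# gpg >= 2.2 on PATH and keys.openpgp.org as the keyserver.
set -eu

# Read `gpg --with-colons --fingerprint` output on stdin and print
# "<fingerprint> <expiry-epoch>" for every primary key whose expiry (field 7
# of the pub record) is at or before $1 + $2 days, already-expired keys
# included. Keys with no expiry are skipped: there is nothing to renew.
keys_expiring_within() {
  now=$1; days=$2
  awk -F: -v limit="$((now + days * 86400))" '
    $1 == "pub" { expiry = $7; want = (expiry != "" && expiry + 0 <= limit); next }
    $1 == "fpr" && want { print $10, expiry; want = 0 }'
}

# Extend the primary key, then every subkey ("*"), then republish: copies on
# keyservers and in contacts' keyrings keep the old expiry until refreshed.
extend_expiry() {
  fpr=$1; period=${2:-2y}
  gpg --batch --quick-set-expire "$fpr" "$period"
  gpg --batch --quick-set-expire "$fpr" "$period" '*'
  gpg --batch --keyserver keys.openpgp.org --send-keys "$fpr"
}

# Import a stored revocation certificate and publish it. The local import is
# what makes your own gpg refuse to encrypt to the key; the upload is what
# tells everyone who refreshes. Validity field "r" in the pub record confirms
# the import took effect before anything is sent.
revoke_and_publish() {
  fpr=$1; certfile=$2
  gpg --batch --import "$certfile"
  gpg --batch --with-colons --list-keys "$fpr" \
    | awk -F: '$1 == "pub" && $2 == "r" { found = 1 } END { exit !found }' \
    || { echo "key $fpr is not marked revoked after import" >&2; return 1; }
  gpg --batch --keyserver keys.openpgp.org --send-keys "$fpr"
}

# Usage: sh pgp-lifecycle.sh run   -> keys expiring in the next 30 days
if [ "${1:-}" = "run" ]; then
  gpg --batch --with-colons --fingerprint | keys_expiring_within "$(date +%s)" 30
fi
```

Run the expiry listing from a weekly cron job or a shell profile so the renewal happens while you can still sign the change; once the primary key has lapsed the fix is still possible, but every contact in the meantime sees an expired key and may stop encrypting to you.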
PGP Key Management Best Practices
Good key generation is only the starting point. How you store, rotate, and revoke keys determines how secure your communications actually remain.
- Generate keys on a secure, offline machine - avoid shared or public computers
- Use a passphrase of 20+ characters; avoid real words and patterns
- Back up your private key to an encrypted USB drive in a physically secure location
- Set an expiration date and extend it proactively - this limits exposure if the key is compromised
- Submit your public key to a keyserver such as keys.openpgp.org so contacts can find it and pick up expiry changes and revocations
- Create a revocation certificate at key generation time and store it separately from the private key
- Consider using subkeys for day-to-day operations, keeping your master key offline and protected
- Verify fingerprints out-of-band before extending trust to any imported key
For a practical look at best practices for email encryption applied across organizational environments, the SSLInsights email encryption guide covers the full workflow from key generation through policy enforcement.

Priya Mervana
Verified Web Security Expert | SSLInsights.com | 10+ years in SSL, Encryption & Online Privacy
PRACTITIONER’S NOTE
One pattern I see repeatedly: people generate their PGP key correctly, export the public key, and then store the private key backup in the same cloud folder they use for everything else. A private key file in an unencrypted cloud sync folder - even named something obscure - is not a backup. It is a liability. The only acceptable storage for a private key backup is an encrypted drive kept physically separate from your daily machine. If that feels like overkill, consider what the private key actually protects: every encrypted message you have ever received.
– Priya Mervana | Verified Web Security Expert, SSLInsights.com
Frequently Asked Questions
What is the difference between PGP and GPG?
PGP (Pretty Good Privacy) is the original email encryption standard created by Phil Zimmermann in 1991, which later became the OpenPGP specification (RFC 4880, superseded by RFC 9580 in 2024). GPG (GNU Privacy Guard) is the free, open-source implementation of that standard - it is what you actually install and run on Windows, Mac, or Linux. When documentation says "generate a PGP key," it means using GPG to create a key that is fully OpenPGP-compatible. The two terms are used interchangeably in practice; the functional difference for everyday users is zero.
What PGP key size should I use in 2026 - RSA 2048 or 4096?
RSA 4096 is the right choice for any new key generated today. NIST Special Publication 800-57 classifies RSA 2048 as acceptable only through approximately 2030, while RSA 4096 provides a security margin well beyond that threshold. Since GnuPG version 2.2.22, the software's default shifted to 3072-bit - manually selecting 4096 during key generation gives you the additional margin GnuPG's own documentation recommends for long-lived personal keys. The performance difference on modern hardware is negligible.
What makes a strong PGP passphrase?
A strong PGP passphrase should be at least 20 characters long and avoid dictionary words, names, dates, or recognizable patterns. The passphrase is the only barrier protecting your private key if someone gains access to your machine or copies your key file - the cryptographic strength of RSA 4096 becomes irrelevant against a weak passphrase. Use a phrase only you could construct: a combination of unrelated words, numbers, and symbols that has no personal connection visible to others. Never reuse a passphrase from another account or service.
Should I set an expiration date on my PGP key?
Yes - setting an expiration date of one to two years is a recommended best practice, not an optional step. An expiry date limits exposure if your key is ever lost or compromised without your knowledge, because anyone who retrieves the key from a keyserver will see it is no longer valid. You can extend the expiration date before it lapses using gpg --edit-key YOUR_EMAIL without generating a new key pair, so your existing web of trust is preserved. A key with no expiry and no revocation certificate is far more dangerous than one that simply expires.
What should I do if my PGP private key is compromised?
If your private key is compromised, publish a revocation certificate to every keyserver you used - this is the first action, before anything else. An attacker holding your private key can decrypt all past communications protected by that key, forge digital signatures in your name, and impersonate you to anyone who trusts your public key. After publishing the revocation, generate a new key pair and notify anyone who held your old public key directly. This is why generating a revocation certificate at key creation time - and storing it separately from the private key - is mandatory, not optional.
Can I recover a PGP private key if it is lost?
No - a lost PGP private key cannot be recovered, reconstructed from the public key, or derived from any encrypted data it produced. The one-way mathematical functions underlying RSA and ECC make reverse-engineering the private key from any available information computationally infeasible. If the key is lost without an encrypted backup, the only path forward is generating a new key pair and reissuing your public key to all contacts. This is why creating an encrypted, offline backup of the private key file at the moment of generation is not optional - it is the single most important step in key management.