KB Article #178853
How to generate a SHA2 PGP Key pair
Problem
B2Bi generates a SHA1 PGP key pair by default, and some other applications have started to restrict PGP key pairs to SHA256-based algorithms.
Resolution
A SHA2-based PGP key can be generated on a Linux OS using the "gpg" utility.
- Run the command "gpg" without arguments to confirm it is available.
- The "gpg.conf" file found in "/home/<user>/.gnupg/" needs to be edited and the following two lines should be added.
personal-digest-preferences SHA256
cert-digest-algo SHA256
Save changes to "gpg.conf".
- Now, generate a key pair using the "gpg --gen-key" command and follow the prompts.
- Once generated, the following information is shown.
gpg: key 7F359C9D marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 4 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 4u
gpg: next trustdb check due at 2022-09-11
pub 2048R/7F359C9D 2017-09-19 [expires: 2022-09-18]
Key fingerprint = E0AA 8F26 A337 0EE8 E916 3BE8 9B69 D7C2 7F35 9C9D
uid Anvesh2 (anvesh3) <a@b.com>
sub 2048R/195A5F07 2017-09-19 [expires: 2022-09-18]
- Note down the key ID, which is an eight-character value (7F359C9D in this case), and the rest of the key details.
- Now, run the following command to export the secret PGP keyring with armor in ".asc" format:
$ gpg --export --armor [key ID] > filename.asc
- Verify "digest algo" to confirm SHA1 or SHA2 (1 means MD5, 2 means SHA1, 8 means SHA256) by running the following command:
$ gpg -vv filename.asc
- Once verified that it is a SHA2 key, run the following command to export the key, with its secret keyring and public key, in .asc format:
$ gpg --export-secret-keys -a keyid > my_private_key.asc
You can import this secret keyring into B2Bi under the "Community > Certificates > PGP certificates" tab and export the public key to provide to your partner.
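As an added example (not part of the original article or of B2Bi), the shell function below automates the "digest algo" check from the verification step: it reads the packet listing printed by `gpg --list-packets filename.asc` (the same packet lines that `gpg -vv` shows) and fails unless every signature packet uses a SHA-2 digest (IDs 8 to 11). The function names are hypothetical and the two listings are constructed samples.

```shell
# Added example: audit "digest algo" values in a gpg packet listing.
# Intended use: gpg --list-packets filename.asc | check_digest_algos

# Reads a packet listing on stdin and prints one line per signature packet.
# Returns 0 only if at least one signature exists and all use SHA-2.
check_digest_algos() {
    awk '
        BEGIN {
            # OpenPGP hash algorithm IDs from RFC 4880, section 9.4
            name[1] = "MD5";    name[2] = "SHA1";    name[3] = "RIPEMD160"
            name[8] = "SHA256"; name[9] = "SHA384"
            name[10] = "SHA512"; name[11] = "SHA224"
        }
        /^:signature packet:/ { keyid = $NF; next }
        $1 == "digest" && $2 == "algo" {
            id = $3 + 0                      # "8," converts to 8
            label = (id in name) ? name[id] : "unknown"
            ok = (id >= 8 && id <= 11)       # SHA-2 family only
            printf "%s digest algo %d (%s): %s\n", keyid, id, label, ok ? "OK" : "WEAK"
            total++
            if (!ok) bad++
        }
        END { exit ((total == 0 || bad > 0) ? 1 : 0) }
    '
}

# Constructed sample: abridged listing of a key self-signed with SHA256.
sample_sha256_listing() {
    cat <<'EOF'
:public key packet:
    version 4, algo 1, created 1505779200, expires 0
:user ID packet: "Example User <user@example.com>"
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 4, created 1505779200, md5len 0, sigclass 0x13
    digest algo 8, begin of digest 5c 1e
EOF
}

# Constructed sample: a signature packet made with SHA1.
sample_sha1_listing() {
    cat <<'EOF'
:signature packet: algo 1, keyid BBBBBBBBBBBBBBBB
    version 4, created 1505779200, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 9f 03
EOF
}

sample_sha256_listing | check_digest_algos || true
sample_sha1_listing | check_digest_algos || true
```

An empty listing also returns non-zero, so a failed export or an unreadable file is not mistaken for a passing key.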