# Generating a new key pair

Kryptor will randomly generate an asymmetric key pair and use your passphrase to encrypt the private key. For security reasons, this involves a slight delay.

The asymmetric keys will be exported to files (`.public` and `.private`), and the file paths will be displayed in the terminal. The public key will also be displayed in the terminal as a Base64 string, which can be copied and pasted. **Only the public key should be shared**.

{% hint style="warning" %}

* To protect the private key, **always use a strong passphrase**!
* To ensure that the private key can always be decrypted, **only use** [**ASCII**](https://www.rfc-editor.org/rfc/rfc20) **characters in passphrases**. For example, use a [password manager](https://bitwarden.com/) to randomly generate passwords/passphrases.
* **Always** back up the **private key** file to external storage (e.g. memory sticks).
* **Never** share your **private key** file! Keep it **secret** and **offline**!
{% endhint %}

The default key directory depends on your operating system:

* Windows: `%USERPROFILE%/.kryptor`
* Linux: `/home/.kryptor`
* macOS: `/Users/USERNAME/.kryptor`

Using the default key directory saves you typing in the path of your private key each time you want to use it.

Here's an example of using the default key directory:

```bash
$ kryptor -g

Please select a key pair type (type 1 or 2):
1) Encryption
2) Signing
2

Enter a passphrase (leave empty for a random one):

Retype passphrase:

Deriving encryption key from passphrase...

Public key: Ed//L2CzmImpu9UA6HFjllemS4TVaE84PdTTrTNc5i6gxFU=
Public key file: "C:\Users\samuel-lucas6\.kryptor\signing.public"

Private key file: "C:\Users\samuel-lucas6\.kryptor\signing.private" - Keep this secret!

IMPORTANT: Please back up these files to external storage (e.g. memory sticks).
```

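This can also be done non-interactively, specifying `-e` for encryption or `-s` for signing. Note that a passphrase passed on the command line may be saved in your shell history and be visible to other processes while the command runs: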

```bash
$ kryptor -g -s -p:"NA2nxxj.Ip^EH96hq1Y:Lv;Of"
```

Here's an example of specifying a custom key directory:

```bash
$ kryptor -g "C:\Users\samuel-lucas6\Documents\Keys"
```

You can share your encryption public key string/file with other people so they can send you an encrypted file that only you and any other specified recipients will be able to decrypt.

You can share your signing public key string/file so that other people can verify signatures you created, and therefore the authenticity of your files.

## Specifying a comment

When generating a new key pair, you can include a comment in the public/private key files as an identifier. Note that this is not authenticated in any way, so it can be changed without detection.

Here's an example:

```bash
$ kryptor -g -c "username@domain.com"
```

## Overwriting key pairs

If you've already generated a key pair for the default/custom directory, you must specify that you want to overwrite the existing key pair when generating a new key pair of the same type (encryption or signing).

{% hint style="danger" %}
This will **replace** the existing key pair. Make sure you **back up the old key pair** if you don't want to lose access to it.
{% endhint %}

Here's an example:

```bash
$ kryptor -g -o
```
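
One way to take a verified backup of the existing key files before running `kryptor -g -o`, as an added example that is not part of Kryptor or its documentation. It assumes the key files are the `*.public` and `*.private` files in the key directory; the function name and the backup folder naming are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not Kryptor's own code): copy key files to a timestamped,
# owner-only backup folder and verify every copy before overwriting keys.
# Assumption: key files are the *.public / *.private files in the key directory.
# Usage (paths are placeholders):
#   backup_kryptor_keys KEY_DIR BACKUP_DIR && kryptor -g -o

backup_kryptor_keys() {
    local key_dir="$1"
    local backup_root="$2"
    local dest f name
    local copied=0

    if [ ! -d "$key_dir" ]; then
        echo "key directory not found: $key_dir" >&2
        return 1
    fi

    dest="$backup_root/kryptor-keys-$(date -u +%Y%m%dT%H%M%SZ)"
    # Never reuse an existing folder, so an older backup cannot be clobbered.
    if [ -e "$dest" ]; then
        echo "backup already exists: $dest" >&2
        return 1
    fi

    # The folder will hold private keys: create it accessible to the owner only.
    (umask 077 && mkdir -p "$dest") || return 1

    for f in "$key_dir"/*.public "$key_dir"/*.private; do
        [ -f "$f" ] || continue            # pattern matched no file
        name="$(basename "$f")"
        cp -p "$f" "$dest/$name" || return 1
        # Compare byte for byte; an unverified backup is not a backup.
        if ! cmp -s "$f" "$dest/$name"; then
            echo "verification failed: $name" >&2
            return 1
        fi
        chmod 600 "$dest/$name"
        copied=$((copied + 1))
    done

    if [ "$copied" -eq 0 ]; then
        echo "no key files found in $key_dir" >&2
        rmdir "$dest"
        return 1
    fi
    printf '%s\n' "$dest"                  # path of the verified backup
}
```

Because the function returns non-zero when nothing was copied or a copy does not match, chaining it with `&&` stops the overwrite from running without a good backup.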


