# GPG Configuration on Windows for Secure Mail [[Prev|gpg]] | *step 2 of 5* | [[Next|gpg3]] ## Generate a new GPG key 1. In the command window generate a new GPG key * Type **gpg --gen-key** * Choose the type **RSA (sign only)** * Choose size **4096** * Choose expiration **key does not expire** * Enter your Real name: **Foo Bar** * Enter your e-mail address: **foo@info9.net** * Select **Okay** and do some serious web surfing to keep your computer busy to create entropy while your key is generated! 1. Guard your GPG passphrase carefully * Your GPG key passphrase is like the password to your identity: take care in choosing a good password. It's actually better if it's not just one word, but a few words. * Do not lose this passphrase: it is impossible for anyone to recover it. 1. Make a note of your "Key ID" * {x} Write down the 8 hexidecimal digit key identifier (in the screenshot below it's **1C9771DB**) 1. Proceed to the [[Next|gpg3]] step [[!img gpg2.png align=left]]