Cryptoucan™ usage: Generating keys on Ubuntu

Written by Lída Hrnčířová on July 9, 2020.

In today’s blog post you’ll find how to generate your own set of cryptographic keys and revocation certificate on Ubuntu using Thunderbird email client.  All this information is neatly packed into our instructional video! And if you’re still not sure why would you need cryptographic keys and what is revocation certificate for, we covered those topics here too.

This is yet another important step in the process of getting your Cryptoucan™ do all the hard job for you in the long run. We’ve created a short instructional video that will guide you through the whole process!

Video 1: Generating Keys on Ubuntu using Thunderbird email client

If you’re not a fan of instructional videos, check out our step-by-step guide in written form with pictures of each step included! Click here to get to our brand new web page dedicated to Cryptoucan™ information.

Picture 1: Written guide available at

In case you’re a bit lost in the importance of encryption keys and revocation certificate, keep reading, we’re explaining everything!

What do you need encryption keys for?

To be able to sign, encrypt or decrypt e-mails, you have to generate your keys[1] first. You’re going to get three types of keys: signature key, authentication key and decryption key. All of them are pairs of private and public keys. Public key, as you can guess by its name, is for others to use to send you encrypted e-mails and to verify your signature. Private key is known only to you and you’ll be using it to sign your e-mails and to decrypt messages sent to you.

Picture 2: Key generation window


And what about Revocation Certificate?

Revocation certificate is a special type of a public key signature[2]. There are three common situations which will make you appreciate having revocation certificate:

    1. Your private key is no longer private – anyone who knows your private key and has access to the emails can read them.
    2. You’ve blocked your Cryptoucan irreversibly by entering incorrect admin PIN 3 too many times.
    3. You’ve generated new keys.

Once one of those situations happens, you can upload this certificate to key servers[3], basically saying: “I’m the owner of this key and I’m saying that the key is no longer to be valid” this way.
We strongly recommend you getting the certificate as it only takes a minute to get and it can save you a lot of trouble.

Picture 3: Enigmail Confirmation window asking you to generate certificate


And that’s all for this week, see you soon!


1. More info: Key management – introduction

2. More info: RFC 4880, Section 5.2.1

3. More info: Key server