PGP Key Store

PGP key pair generation is needed when you want to manage end-to-end PGP envelopes. Depending on the target operation to be performed (digital signature, encryption), you must select the appropriate key type.

To generate a new RSA public or private key pair, follow these steps:

1. Click on Setup → PGP Key Stores.

2. In the Select a cluster drop-down list, select a cluster.

3. Click the NEW button and fill in these fields:

You can import an existing private keyring by clicking the IMPORT button. You just need to select the file and enter the password.

Clicking the 3-dot icon on the right of the entry, you can view the details, delete, export, or create a sub key for your key or certificate.

In a PGP environment, it is often useful to preserve the master private key and operate using a subkey, signed with the master key.

To generate a subkey, click the three-dot icon on the right of the master key and select the Create Sub Key option. In the PGP Key Store window, select the options:

Any Master/Sub-key combination is possible. Typically use:

• RSA_GENERAL master → RSA GENERAL sub-key

• DSA master → any ElGamal as sub-key

To view which sub-key is associated with a master key press the button on the left:

To export an existing private keyring, click the three-dot icon on the right of the master key and select the Export Key option.

In the PGP Key Store window, select the options:

1. Export Format: a. PEM b. DER

2. Password and confirm Password.

3. Click Save.