PGP Key Store

PGP key pair generation is needed when you want to manage end-to-end PGP envelopes. Depending on the target operation to be performed (digital signature, encryption), you must select the appropriate key type.

To generate a new RSA public/private key pair, follow these steps:

  1. Click on Setup → PGP Key Stores.

  2. In the Select a cluster drop-down list, select a cluster.

  3. Click the NEW button and fill in these fields:

| Field | Description |
| --- | --- |
| USER IDS | Enter the user ID. |
| VALIDITY IN DAYS | Enter the number of days the key must be available. |
| KEY LENGTH | Select the length of the key. Note that the key length should be greater than the subkey length (key-length > subkey-length). Usually, 2048 is the recommended value for each asymmetric algorithm in the list. Possible values: SIZE_1024, SIZE_2048 (default), SIZE_3072, SIZE_4096. |
| TYPE | Select the type of key. Possible values: RSA_GENERAL, RSA_SIGN, RSA_DSA. |

You can import an existing private keyring by clicking the IMPORT button. You just need to select the file and enter the password.

A keyring can be in either ASCII-armored or binary format; the system detects the format automatically.
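One way to check a keyring file before using IMPORT, as an added example that is not the product's own detection code: it tells armored from binary OpenPGP data using the RFC 4880 armor line and packet header, and reports the RSA modulus size of the first key so that a key shorter than the recommended 2048 bits can be spotted. The function names and the sample bytes are constructed for illustration.

```python
import base64
import struct

# OpenPGP key packet tags (RFC 4880, section 4.3)
KEY_TAGS = {5: "secret-key", 6: "public-key", 7: "secret-subkey", 14: "public-subkey"}
RSA_ALGOS = {1, 2, 3}  # RSA general, encrypt-only, sign-only

def dearmor(data: bytes) -> bytes:
    """Return the binary packets carried in an ASCII-armored block."""
    lines = [ln.strip() for ln in data.decode("ascii").strip().splitlines()]
    body = lines[lines.index("") + 1:]  # armor headers end at the first blank line
    return base64.b64decode("".join(
        ln for ln in body if not ln.startswith(("=", "-----END"))))  # skip CRC, footer

def inspect_keyring(data: bytes) -> dict:
    """Report format, first packet type and, for v4 RSA keys, the modulus size."""
    fmt = "armor" if data.lstrip().startswith(b"-----BEGIN PGP ") else "binary"
    pkt = dearmor(data) if fmt == "armor" else data
    if len(pkt) < 14 or not pkt[0] & 0x80:  # bit 7 is set on every packet header
        raise ValueError("not an OpenPGP packet stream")
    if pkt[0] & 0x40:  # new-format header: tag in the low 6 bits
        tag = pkt[0] & 0x3F
        if pkt[1] >= 224 and pkt[1] != 255:
            raise ValueError("partial body length is not valid for a key packet")
        hdr = 2 if pkt[1] < 192 else 3 if pkt[1] < 224 else 6
    else:              # old-format header: tag in bits 5-2, length type in bits 1-0
        tag = (pkt[0] >> 2) & 0x0F
        hdr = 1 + (1, 2, 4, 0)[pkt[0] & 0x03]
    if tag not in KEY_TAGS:
        raise ValueError(f"first packet has tag {tag}, not a key packet")
    version, _created, algo = struct.unpack(">BIB", pkt[hdr:hdr + 6])
    bits = None
    if version == 4 and algo in RSA_ALGOS:  # v4 body: version, time, algo, MPI n
        bits = struct.unpack(">H", pkt[hdr + 6:hdr + 8])[0]  # MPI bit count
    return {"format": fmt, "packet": KEY_TAGS[tag], "version": version, "rsa_bits": bits}

def below_recommended(info: dict, minimum: int = 2048) -> bool:
    """True when the RSA modulus is shorter than the recommended 2048 bits."""
    return info["rsa_bits"] is not None and info["rsa_bits"] < minimum

# Constructed sample: only the leading bytes of a v4 RSA secret-key packet
# (header, version, timestamp, algorithm, MPI bit count 1024); no real key material.
SAMPLE_BIN = bytes.fromhex("9503d8 04 60000000 01 0400 ffffff")
SAMPLE_ARMOR = (b"-----BEGIN PGP PRIVATE KEY BLOCK-----\n\n" + base64.b64encode(SAMPLE_BIN)
                + b"\n-----END PGP PRIVATE KEY BLOCK-----\n")
```

Only the first packet is read, so subkeys later in the keyring are not inspected, and the size is reported only for version 4 RSA keys.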

By clicking the three-dot icon on the right of the entry, you can view the details of your key or certificate, delete it, export it, or create a sub key for it.

In a PGP environment, it is often useful to preserve the master private key and operate using a subkey, signed with the master key.

To generate a subkey, click the three-dot icon on the right of the master key and select the Create Sub Key option. In the PGP Key Store window, select the options:

| Properties | Description |
| --- | --- |
| VALIDITY IN DAYS | Insert the number of days the key must be available. |
| KEY LENGTH | Possible values: SIZE_1024, SIZE_2048 (default), SIZE_3072, SIZE_4096. |
| TYPE | Select type. Possible values: RSA_GENERAL, RSA_SIGN, RSA_DSA, RSA_ENCRYPT. |

Any master/sub-key combination is possible. Typical combinations:

  • RSA_GENERAL master → RSA_GENERAL sub-key

  • DSA master → any ElGamal as sub-key

To view which sub-key is associated with a master key, press the button on the left.

To export an existing private keyring, click the three-dot icon on the right of the master key and select the Export Key option.

In the PGP Key Store window, select the options:

  1. Export Format:

     a. PEM

     b. DER

  2. Password and confirm Password.

  3. Click Save.
