# PGP Key Store

PGP key pair generation is needed when you want to manage end-to-end PGP envelopes. Depending on the target operation to be performed (digital signature, encryption), you must select the appropriate key type.

To generate a new RSA public/private key pair, follow these steps:

1. Click on **Setup** → **PGP Key Stores**.
2. In the **Select a cluster** drop-down list, select a cluster.
3. Click the **NEW** button and fill in these fields:

| Field                | Description                                                                                                                                                                                                                                                                                                                                                                             |
| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **USER IDS**         | Enter the user ID. |
| **VALIDITY IN DAYS** | Enter the number of days the key must be available. |
| **KEY LENGTH**       | <p>Select the length of the key. As a recommendation, the key length should satisfy <strong>key-length > subkey-length</strong>. Usually, 2048 is the recommended value for each asymmetric algorithm in the list.<br>Possible values:<br><strong>SIZE\_1024</strong><br><strong>SIZE\_2048</strong> (default)<br><strong>SIZE\_3072</strong><br><strong>SIZE\_4096</strong></p> |
| **TYPE**             | <p>Select the type of key. Possible values:<br><strong>RSA\_GENERAL</strong><br><strong>RSA\_SIGN</strong><br><strong>RSA\_DSA</strong></p>                                                                                                                                                                                                                                             |

You can import an existing private keyring by clicking the **IMPORT** button. You just need to select the file and enter the password.

{% hint style="info" %}
A keyring can be in either ASCII-armored or binary format; the system detects the format automatically.
{% endhint %}

{% hint style="danger" %}
Make sure you have the password that was configured during secret creation!
{% endhint %}
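
A pre-import check for the two keyring encodings mentioned above, as an added example that is not product code. It follows the OpenPGP packet and armor layout from RFC 4880 to report whether a file is armored or binary and whether its first packet is a secret key; the function names and sample bytes are constructed for illustration.

```python
import base64

# OpenPGP packet tags relevant to keyrings (RFC 4880, section 4.3)
KEY_TAGS = {5: "secret-key", 6: "public-key", 7: "secret-subkey", 14: "public-subkey"}


def dearmor(data: bytes) -> bytes:
    """Strip ASCII armor (RFC 4880, section 6.2) and return the binary packets."""
    lines = [ln.strip() for ln in data.decode("ascii").splitlines()]
    start = next(i for i, ln in enumerate(lines) if ln.startswith("-----BEGIN PGP "))
    end = next(i for i, ln in enumerate(lines) if ln.startswith("-----END PGP "))
    body = lines[start + 1:end]
    # Armor headers (e.g. "Comment: ...") end at the first blank line.
    if "" in body:
        body = body[body.index("") + 1:]
    # The optional CRC-24 line starts with "=" and is not part of the payload.
    b64 = "".join(ln for ln in body if ln and not ln.startswith("="))
    return base64.b64decode(b64, validate=True)


def first_packet_tag(packets: bytes) -> int:
    """Return the tag of the first OpenPGP packet (RFC 4880, section 4.2)."""
    if not packets or not packets[0] & 0x80:
        raise ValueError("not an OpenPGP packet stream")
    first = packets[0]
    # Bit 6 set: new-format header, tag in bits 5-0; otherwise tag in bits 5-2.
    return first & 0x3F if first & 0x40 else (first >> 2) & 0x0F


def inspect_keyring(data: bytes) -> tuple:
    """Return (encoding, first-packet kind) for a keyring file's contents."""
    if data.lstrip().startswith(b"-----BEGIN PGP "):
        encoding, packets = "armored", dearmor(data)
    else:
        encoding, packets = "binary", data
    tag = first_packet_tag(packets)
    return encoding, KEY_TAGS.get(tag, f"other(tag {tag})")


# Constructed samples: header-only stubs, not real key material.
SAMPLE_BINARY = bytes([0x95, 0x01, 0x00]) + b"\x04" * 4
SAMPLE_ARMORED = (
    b"-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
    b"Comment: constructed sample\n"
    b"\n"
    + base64.b64encode(SAMPLE_BINARY) + b"\n"
    b"-----END PGP PRIVATE KEY BLOCK-----\n"
)
```

A result other than `secret-key` for the first packet means the file is not a private keyring, for example a public-key export selected by mistake.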

Click the three-dot icon on the right of the entry to view the details, delete, export, or create a subkey for your key or certificate.

In a PGP environment, it is often useful to preserve the master private key and operate using a subkey, signed with the master key.

To **generate a subkey**, click the three-dot icon on the right of the master key and select the **Create Sub Key** option.\
In the **PGP Key Store** window, select the options:

| Properties           | Description                                                                                                                                                       |
| -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **VALIDITY IN DAYS** | Enter the number of days the key must be available. |
| **KEY LENGTH**       | <p>Possible values:<br><strong>SIZE\_1024</strong><br><strong>SIZE\_2048</strong> (default)<br><strong>SIZE\_3072</strong><br><strong>SIZE\_4096</strong></p>     |
| **TYPE**             | <p>Select type. Possible values:<br><strong>RSA\_GENERAL</strong><br><strong>RSA\_SIGN</strong><br><strong>RSA\_DSA</strong><br><strong>RSA\_ENCRYPT</strong></p> |

Any master/subkey combination is possible. Typical combinations:

* RSA\_GENERAL master → RSA\_GENERAL subkey
* DSA master → any ElGamal as sub-key

To view which subkey is associated with a master key, press the ![](https://files.readme.io/2fe7cd7-icona_dat_1.png) button on the left:

<figure><img src="/files/m8242k0nRdEMRlWoV6GY" alt=""><figcaption></figcaption></figure>

To **export an existing private keyring**, click the three-dot icon on the right of the master key and select the **Export Key** option.

In the **PGP Key Store** window, select the options:

1. Export Format:\
   a. PEM\
   b. DER
2. Password and confirm Password.
3. Click **Save**.

