Configuring the PGP Key Store

PGP key pair generation is needed when you want to manage end-to-end PGP envelopes. Depending on the target operation to be performed (digital signature, encryption), you must select the appropriate key type.

To generate a new RSA public/private key pair, go to Setup → PGP Key Store → New.

You can import an existing private keyring by clicking the Import button in Setup → PGP Key Store → Import.

Warning!

A keyring can either be in an armor or binary format, and the system will automatically self-detect it.

Select the file and enter the password.

Capt. Eddie to ground control:

"Make sure you have the password configured during secret creation!"

Clicking the 3-dot icon on the right of the entry, you can view the details, delete, export, or create a sub key for your key or certificate.

In a PGP environment, it is often useful to preserve the master private key and operate using a subkey, signed with the master key.
To generate a sub key, click the three-dot icon on the right of the master key and select the Create Sub Key option.
In the PGP Key Store window, select the options:

Any Master/Sub-key combination is possible. Typically use:

• RSA_GENERAL master → RSA GENERAL sub-key
• DSA master → any ElGamal as sub-key

To export an existing private keyring, click the three-dot icon on the right of the master key and select the Export Key option.
In the PGP Key Store window, select the options:

1. Export Format:
   a. PEM
   b. DER
2. Password and confirm Password.
3. Click Save.