Configuring the PGP Key Store
PGP key pair generation is needed when you want to manage end-to-end PGP envelopes. Depending on the target operation to be performed (digital signature, encryption), you must select the appropriate key type.
To generate a new RSA public/private key pair, go to Setup → PGP Key Store → New.
Field | Description |
---|---|
USER IDS (*) | Enter the user ID |
VALIDITY IN DAYS | Enter the number of days the key must be available |
KEY LENGTH | Select the length of the key. Note: the recommended key length satisfies key-length > subkey-length. Usually, 2048 is the recommended value for each asymmetric algorithm in the list. Possible values: SIZE_1024, SIZE_2048 (default), SIZE_3072, SIZE_4096 |
TYPE (*) | Select the type of key. Possible values: RSA_GENERAL, RSA_SIGN, RSA_DSA |
You can import an existing private keyring by clicking the Import button in Setup → PGP Key Store → Import.
Select the file and enter the password.
By clicking the three-dot icon on the right of the entry, you can view the details of your key or certificate, delete it, export it, or create a sub key for it.
In a PGP environment, it is often useful to preserve the master private key and operate using a subkey, signed with the master key.
To generate a sub key, click the three-dot icon on the right of the master key and select the Create Sub Key option.
In the PGP Key Store window, select the options:
Properties | Description |
---|---|
VALIDITY IN DAYS | Enter the number of days the key must be available |
KEY LENGTH | Possible values: SIZE_1024, SIZE_2048 (default), SIZE_3072, SIZE_4096 |
TYPE | Select the type. Possible values: RSA_GENERAL, RSA_SIGN, RSA_DSA, RSA_ENCRYPT |
Any master/sub-key combination is possible. Typical combinations are:
- RSA_GENERAL master → RSA_GENERAL sub-key
- DSA master → any ElGamal as sub-key
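The master/sub-key guidance above can also be checked outside the product on a key listing. This is an added example, not part of the product or its documentation: it assumes the keys are listed with GnuPG's `gpg --list-keys --with-colons`, and the sample listing, key IDs and function names are constructed for illustration.

```python
# Added example: audit master/sub-key pairs from GnuPG colon-format output.
# Assumption: the listing comes from `gpg --list-keys --with-colons`.
ALGOS = {"1": "RSA", "16": "ElGamal", "17": "DSA"}  # OpenPGP algorithm IDs
TYPICAL = {"RSA": {"RSA"}, "DSA": {"ElGamal"}}  # typical pairings from this page
MIN_BITS = 2048  # key length this page recommends
# Constructed sample listing: key IDs, dates and user ID are made up.
SAMPLE = """\
pub:u:2048:1:AAAAAAAAAAAA0001:1700000000:1731536000::u:::scESC:
uid:u::::1700000000::::Alice <alice@example.test>:
sub:u:2048:1:AAAAAAAAAAAA0002:1700000000:1731536000:::::e:
pub:u:1024:17:BBBBBBBBBBBB0001:1700000000:::u:::scSC:
sub:u:4096:16:BBBBBBBBBBBB0002:1700000000::::::e:
pub:u:3072:1:CCCCCCCCCCCC0001:1700000000:::u:::scSC:
"""

def parse_keys(listing):
    """Group every 'sub' record under the 'pub' record that precedes it."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 5 or f[0] not in ("pub", "sub"):
            continue
        rec = {"id": f[4], "bits": int(f[2]), "algo": ALGOS.get(f[3], f[3])}
        if f[0] == "pub":
            keys.append({**rec, "subs": []})
        elif keys:
            keys[-1]["subs"].append(rec)
    return keys

def audit(listing):
    """Return (key id, finding) pairs where a key departs from the guidance."""
    out = []
    for key in parse_keys(listing):
        if key["bits"] < MIN_BITS:
            out.append((key["id"], "master shorter than 2048 bits"))
        if not key["subs"]:
            out.append((key["id"], "no sub-key, master is used directly"))
        for sub in key["subs"]:
            if sub["bits"] < MIN_BITS:
                out.append((sub["id"], "sub-key shorter than 2048 bits"))
            if sub["bits"] > key["bits"]:
                out.append((sub["id"], "sub-key longer than master"))
            if sub["algo"] not in TYPICAL.get(key["algo"], set()):
                out.append((sub["id"], "atypical master/sub-key pairing"))
    return out

if __name__ == "__main__":
    for key_id, finding in audit(SAMPLE):
        print(key_id, finding)
```

An atypical pairing is reported for information only, since any master/sub-key combination is allowed.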
To view which sub-key is associated with a master key, press the button on the left.
To export an existing private keyring, click the three-dot icon on the right of the master key and select the Export Key option.
In the PGP Key Store window, select the options:
- Export Format:
  a. PEM
  b. DER
- Password and confirm Password.
- Click Save.