Configuring the PGP Key Store

PGP key pair generation is needed when you want to manage end-to-end PGP envelopes. Depending on the target operation to be performed (digital signature, encryption), you must select the appropriate key type.

To generate a new RSA public/private key pair, go to Setup → PGP Key Store → New.

| Field | Description |
|---|---|
| USER IDS (*) | Insert the user ID. |
| VALIDITY IN DAYS | Insert the number of days the key must be available. |
| KEY LENGTH | Select the length of the key. Note: the recommended key length should be greater than the sub-key length (key-length > subkey-length). Usually, 2048 is the recommended value for each asymmetric algorithm in the list. Possible values: SIZE_1024, SIZE_2048 (default), SIZE_3072, SIZE_4096. |
| TYPE (*) | Select the type of key. Possible values: RSA_GENERAL, RSA_SIGN, RSA_DSA. |

You can import an existing private keyring by clicking the Import button in Setup → PGP Key Store → Import.

Warning!

A keyring can be in either ASCII-armored or binary format; the system detects the format automatically.

Select the file and enter the password.

Capt. Eddie to ground control:

"Make sure you have the password configured during secret creation!"
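A local pre-import check for the two keyring encodings mentioned above, added here as an example (it is not the product's own detection logic): it tells ASCII-armored from binary OpenPGP data and confirms that the first packet is a key packet, using the packet header layout from RFC 4880. The function names and the sample bytes are constructed for illustration.

```python
import base64
import binascii

# RFC 4880 packet tags that can open a key file.
KEY_TAGS = {5: "secret key", 6: "public key"}

def first_packet_tag(data: bytes) -> int:
    """Return the tag of the first OpenPGP packet, or raise ValueError."""
    if not data or not data[0] & 0x80:
        raise ValueError("bit 7 of the first octet is not set: not an OpenPGP packet")
    if data[0] & 0x40:               # new-format header: tag in bits 5-0
        return data[0] & 0x3F
    return (data[0] & 0x3C) >> 2     # old-format header: tag in bits 5-2

def dearmor(data: bytes) -> bytes:
    """Decode the base64 body of an armored block; the CRC-24 line is skipped."""
    lines = [ln.strip() for ln in data.strip().splitlines()]
    if not lines[-1].startswith(b"-----END PGP "):
        raise ValueError("armor footer missing: file looks truncated")
    if b"" not in lines:
        raise ValueError("no blank line between armor headers and body")
    body = [ln for ln in lines[lines.index(b"") + 1:-1] if not ln.startswith(b"=")]
    try:
        return base64.b64decode(b"".join(body), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"armor body is not valid base64: {exc}")

def classify_keyring(data: bytes) -> tuple:
    """Return (encoding, content), for example ("armor", "secret key")."""
    armored = data.lstrip().startswith(b"-----BEGIN PGP ")
    raw = dearmor(data) if armored else data
    tag = first_packet_tag(raw)
    if tag not in KEY_TAGS:
        raise ValueError(f"first packet has tag {tag}, which is not a key packet")
    return ("armor" if armored else "binary", KEY_TAGS[tag])

# Constructed sample: an old-format header for tag 5 plus filler, not a usable key.
SAMPLE_BINARY = bytes([0x95, 0x00, 0x03, 0x04, 0x00, 0x00])
SAMPLE_ARMORED = (
    b"-----BEGIN PGP PRIVATE KEY BLOCK-----\nComment: constructed sample\n\n"
    + base64.b64encode(SAMPLE_BINARY)
    + b"\n=AAAA\n-----END PGP PRIVATE KEY BLOCK-----\n"
)

if __name__ == "__main__":
    print(classify_keyring(SAMPLE_BINARY), classify_keyring(SAMPLE_ARMORED))
```

The check reads only the first packet header, so it does not verify the armor CRC-24 or the passphrase protecting the secret key material.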

By clicking the three-dot icon on the right of the entry, you can view the details, delete, export, or create a sub key for your key or certificate.

In a PGP environment, it is often useful to preserve the master private key and operate using a subkey, signed with the master key.
To generate a sub key, click the three-dot icon on the right of the master key and select the Create Sub Key option.
In the PGP Key Store window, select the options:

| Properties | Description |
|---|---|
| VALIDITY IN DAYS | Insert the number of days the key must be available. |
| KEY LENGTH | Possible values: SIZE_1024, SIZE_2048 (default), SIZE_3072, SIZE_4096. |
| TYPE | Select type. Possible values: RSA_GENERAL, RSA_SIGN, RSA_DSA, RSA_ENCRYPT. |

Any Master/Sub-key combination is possible. Typically use:

  • RSA_GENERAL master → RSA_GENERAL sub-key
  • DSA master → any ElGamal as sub-key

To view which sub-key is associated with a master key, press the button on the left of the master key entry.


To export an existing private keyring, click the three-dot icon on the right of the master key and select the Export Key option.
In the PGP Key Store window, select the options:

  1. Export Format:
    a. PEM
    b. DER
  2. Password and confirm Password.
  3. Click Save.