Managing PGP Keys
Key Manager Plus allows you to create and manage Pretty Good Privacy (PGP) keys from the Key Manager Plus web interface. PGP keys are used to encrypt text and emails, sign files, etc. A PGP key works as a key pair: it has a Master Key with a Sub Key bound to it. While creating a PGP key in Key Manager Plus, you can assign operations to the Master Key and the Sub Key individually, e.g., signing and certifying to the Master Key and authentication and encryption to the Sub Key.
The PGP keys created are saved in the product key repository to secure and centralize their management. You may add a detailed description to the keys referring to their usage instances which helps you search and locate the keys faster. Also, there are provisions to edit the key description, view the passphrase, store them in an organized manner, or export the keys to your system or email address. Apart from the above, Key Manager Plus provides detailed reports on the creation of PGP keys and operations performed on them such as export, edit, delete, etc. Each of the above operations will be logged into the Audit section of Key Manager Plus. You may also set up email notifications to get notified about the expiration of the PGP keys.
1. Create PGP Key
To create a key to store in the Key Manager Plus repository:
- Navigate to the Key Vault tab and click PGP Keys from the menu bar at the top.
- Click the Create button.
- Enter the following attributes:
  - Name - Enter the key name.
  - Email Address - Enter the email address of the creator.
  - Key Comment - Enter a comment regarding the key explaining what it is going to be used for. E.g., Email encryption.
  - Key Type - The key type is RSA by default.
  - Key Length - Choose the key length from the drop-down (2048 or 4096).
  - SSH Key Passphrase - Enter a valid key passphrase.
  - Master Key Use - Select the required check boxes to choose what the Master Key will be used for. The available options are Sign, Certify, Encrypt, Authenticate.
  - Master Key Validity Days - Specify the expiry period for the Master Key. The default value is 90 days. Enter '0' for the key to be valid forever.
  - Sub Key Use - Select the required check boxes to choose what the Sub Key will be used for. The available options are Sign, Certify, Encrypt, Authenticate.
  - Sub Key Validity Days - Specify the expiry period for the Sub Key. The default value is 90 days. Enter '0' for the key to be valid forever. Please note, the validity period of the Sub Key cannot exceed that of the Master Key.
  - Description - Enter a description for the key.
- Click the Create button.
Now, the key is enumerated in the PGP Keys tab. To view the key details of both Master Key and Sub Key, click the name of the key. The contents of the Master Key and the Sub Key will be listed separately.
Note: The Master Key and the Sub Key combine to create a single key and are treated as a single key under the Key Manager Plus license too.
2. Import PGP Key
Key Manager Plus allows you to import and manage PGP keys. To import a PGP key:
- Click the Import button from the menu bar at the top.
- In the pop-up that appears:
  - Browse and select the File Location.
  - Enter the Passphrase and Description, and click Import.
- Now, you have successfully imported the key to the KMP repository.
3. Edit Key
To edit a key:
- Click the Edit icon next to the required key.
- In the Edit window that appears, enter a description and click Update.
4. Export Key
To export a key:
- Click the Export icon next to the required key.
- Choose Export Public Key or Export Private Key from the drop-down to download the public key or the private key separately. The keys will be downloaded as ASC (Action Script Communication) files.
Note: The passphrases used to protect the keys are applicable even for exported keys. Thus, you need to provide the corresponding passphrase to use the exported keys elsewhere.
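To confirm that an exported public key carries the key length, usage flags and validity selected at creation, its GnuPG listing can be audited. The following is an added example, not part of Key Manager Plus or its documentation; it assumes the exported file is inspected with `gpg --show-keys --with-colons`, and the sample listings, key IDs and the expected usage split (Sign/Certify on the Master Key, Encrypt/Authenticate on the Sub Key, as in the example above) are constructed for illustration.

```python
# Constructed `gpg --show-keys --with-colons` output; key IDs and dates are made up.
GOOD = """\
pub:-:4096:1:AAAAAAAAAAAAAAAA:1704067200:1711843200::-:::scESCA::::::23::0:
uid:-::::1704067200::::Example Key (Email encryption) <user@example.com>::::::::::0:
sub:-:4096:1:BBBBBBBBBBBBBBBB:1704067200:1711843200:::::ea::::::23:
"""
BAD = """\
pub:-:1024:1:CCCCCCCCCCCCCCCC:1704067200:1711843200::-:::escESC::::::23::0:
sub:-:2048:1:DDDDDDDDDDDDDDDD:1704067200:1719792000:::::e::::::23:
"""

def parse_keys(colon_output):
    """Return one dict per pub/sub record of GnuPG's colon listing."""
    keys = []
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        keys.append({
            "role": "master" if f[0] == "pub" else "sub",
            "bits": int(f[2]),                       # field 3: key length
            "algo": int(f[3]),                       # field 4: 1 = RSA
            "keyid": f[4],
            "expires": int(f[6]) if f[6] else None,  # field 7: empty = no expiry
            # field 12: lowercase letters are this key's own usage flags
            "caps": {c for c in f[11] if c in "esca"},
        })
    return keys

def audit(keys, master_use=frozenset("sc"), sub_use=frozenset("ea")):
    """Return findings; the default usage split is an assumed policy."""
    findings = []
    master = next(k for k in keys if k["role"] == "master")
    for k in keys:
        who = f'{k["role"]} {k["keyid"]}'
        expected = master_use if k["role"] == "master" else sub_use
        if k["algo"] != 1 or k["bits"] not in (2048, 4096):
            findings.append(f"{who}: not RSA 2048/4096")
        if k["caps"] != expected:
            findings.append(f"{who}: usage {sorted(k['caps'])} != {sorted(expected)}")
        if k["expires"] is None:
            findings.append(f"{who}: never expires")
        elif master["expires"] and k["expires"] > master["expires"]:
            findings.append(f"{who}: valid longer than master key")
    return findings

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(parse_keys(sample)) or "matches policy")
```
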
5. Mail Key
To send a key to an email address:
- Click the Mail icon next to the required key.
- In the Mail PGP Key window, select the respective check boxes to send either the private key or the public key.
- In the Mail Id field, enter an email address and click Send. You can enter multiple email addresses by separating them with commas.
6. Show Passphrase
To view the passphrase of a key:
- Click the Show Passphrase icon next to the required key.
- The passphrase of the key will be displayed in a drop-down.
7. Delete Key(s)
To delete keys:
- Select the check boxes beside the required keys.
- Click the Delete button in the menu bar at the top and click OK in the confirmation dialog box that appears. The key deletion action will be recorded in the Audit logs along with date, time and the user who deleted it.