Manage PGP Keys

PAM360 allows you to create and manage Pretty Good Privacy (PGP) keys from the PAM360 web interface. The PGP keys are used to encrypt texts, emails, signing files, etc. PGP keys work as a key pair as they have a Master Key with a Sub Key bound to it. While creating a PGP key in PAM360, you can assign operations for the Master Key and the Sub Key individually, eg., signing and certifying to the Master Key and authentication and encryption to the Sub Key.

The PGP keys created are saved in the product key repository to secure and centralize their management. You may add a detailed description to the keys referring to their usage instances which helps you search and locate the keys faster. Also, there are provisions to edit the key description, view the passphrase, store them in an organized manner, or export the keys to your system or email address. Apart from the above, PAM360 provides detailed reports on the creation of PGP keys and operations performed on them such as export, edit, delete, etc. Each of the above operations will be logged into the Audit section of PAM360. You may also set up email notifications to get notified about the expiration of the PGP keys.

Click the links below to learn more about each operation you can perform on the keys from the PGP Keys tab.

  1. Create PGP Key
  2. Import PGP Key
  3. Edit Key
  4. Export Key
  5. Email Key
  6. Show Passphrase
  7. Delete Key(s)

1. Create PGP Key

To create a key to store in the PAM360 repository:

  1. Navigate to the 'Admin >> SSL/SSH Config >> PGP Keys'.
  2. Click the Create button.
  3. Enter the following attributes:
    1. Name - Enter the key name
    2. Email Address - Enter the email address of the creator.
    3. Key Comment - Enter a comment regarding the key explaining what it is going to be used for. Eg: Email encryption.
    4. Key Type - The key type is RSA by default.
    5. Key Length - Choose the key length from the drop-down (2048 or 4096)
    6. SSH Key Passphrase - Enter a valid key passphrase.
    7. Master Key Use - Select the required check boxes to choose what the Master Key will be used for. The available options are Sign, Certify, Encrypt, Authenticate.
    8. Master Key Validity Days - Specify the expiry period for the Master Key —the default value is 90 days. Enter '0' for the key to be valid forever.
    9. Sub Key Use - Select the required check boxes to choose what the Sub Key will be used for. The available options are Sign, Certify, Encrypt, Authenticate.
    10. Sub Key Validity Days - Specify the expiry period for the Sub Key —the default value is 90 days. Enter '0' for the key to be valid forever. Please note, the validity period of the Sub Key cannot exceed that of the Master Key.
    11. Description - Enter a description for the key.
  4. Click the Create button.
    manage-pgp-keys-1
    manage-pgp-keys-2

Now, the key is enumerated in the PGP Keys tab. To view the key details of both Master Key and Sub Key, click the name of the key. The contents of the Master Key and the Sub Key will be listed separately.

Note: The Master Key and the Sub Key both combine to create a single key and will be treated as such under PAM360 license too.

2. Import PGP Key

To import PGP key to the PAM360 repository:

  1. Navigate to 'Admin >> SSL/SSH Config >> PGP Keys'.
  2. Click the Import button.
  3. In the pop-up that appears:
    1. Browse and select the File Location.
    2. Mention the Passphrase and Description, and click Import.
  4. Now, you have successfully imported the PGP key(s) to the PAM360 repository.
    manage-pgp-keys-4

3. Edit Key

To edit a key:

  1. Click the Edit icon  next to the required key.
  2. In the Edit window that appears, enter a description and click Update.

4. Export Key

To export a key:

  1. Click the Export icon  next to the required key.
  2. Choose Export Public Key or Export Private Key from the drop-down to download the public key or the private key separately. The keys will be downloaded as ASC (Action Script Communication) files.
  3. Note: The passphrases used to protect the keys are applicable even for exported keys. Thus, you need to provide the corresponding passphrase to use the exported keys elsewhere.

5. Email Key

To send a key to an email address:

  1. Click the Mail icon  next to the required key.
  2. In the Mail PGP Key window, select the respective check boxes to send either the private key or the public key.
  3. In the Mail Id field, enter an email address and click send. You can enter multiple email addresses by separating them with commas.

6. Show Passphrase

To view the passphrase of a key:

  1. Click the Show Passphrase icon  next to the required key.
  2. The passphrase of the key will be displayed in a drop-down.

7. Delete Key(s)

To delete keys:

  1. Select the check boxes beside the required keys.
  2. Click the Delete button in the menu bar at the top and click Ok in the confirmation dialog box that appears. The key deletion action will be recorded in the Audit logs along with date, time and the user who deleted it.

    manage-pgp-keys-3

Top