Blog

Managed File Transfer and Network Solutions

3 Ways To Generate OpenPGP Keys

Posted by John Carl Villanueva on Mon, Sep 08, 2014 @ 08:24 PM

Overview

JSCAPE MFT Server makes it easy to strengthen secure file transfers with OpenPGP encryption. But before you can protect your files with PGP, you need to create the necessary public/private key pairs. In this post, we introduce you to three ways of doing that. 

 

Option 1: Using the Key Manager

The Key Manager is a module that's only accessible to your system administrator. If you want your end users to generate PGP key pairs themselves, use Option 2. When keys are generated via the Key Manager, those keys can be used anywhere in the system and are typically used in conjunction with triggers. This is how you would carry out this particular PGP key creation process.

Go to the Server menu and click Key Manager.

 

01 mft server 9 pgp keys server key manager resized 600

 

Navigate to the PGP Keys tab and then click the Generate button.

 

02 mft server 9 pgp keys generate resized 600

 

Enter the following information:

Real name - This should be the full name of the key pair owner, e.g. John Smith.

Email - An email address owned by the key pair owner, e.g. [email protected]

Key Algorithm - The encryption algorithm you want to use. The options are RSA and DSA. If you want a comparison of these two, read: Which Works Best for Encrypted File Transfers - RSA or DSA?

Key Length - The length of your encryption key. Longer is stronger. However, for longer keys, you may need to install the JCE Unlimited Strength Jurisdiction Policy Files. Need insights for choosing key lengths? Read Choosing Key Lengths for Encrypted File Transfers

Click the OK button as soon as you're done.

 

03 mft server 9 pgp keys generation resized 600

 

If all goes well, you should then see your newly generated key along with some pertinent information, including: the key algorithm, key capabilities (can encrypt, sign, etc.), and the key's unique fingerprint.

 

04 mft server 9 pgp key details resized 600

 

Option 2: Through the User's Web Interface

This option is suitable for situations wherein you would like users to generate PGP keys on their own. Such keys can be used only to encrypt files uploaded to virtual paths that are accessible to the user and have PGP encryption enabled. Assuming you're a user, this is how you would generate your PGP keys. 

Login to your JSCAPE MFT Server's web interface.

 

05 mft server 9 login web resized 600

 

Once inside, navigate to My Account.

 

06 mft server 9 web account resized 600

 

Next, scroll down until you reach the OpenPGP Encryption section. Click the link that says "Generate OpenPGP Key".

 

07 mft server 9 web generate openpgp key resized 600

 

Enter pertinent information:

Real name - Your full name.

Email - An email address that you own.

Type - The encryption algorithm you want to use. The options are RSA and DSA. If you want to know more about them, read: Which Works Best for Encrypted File Transfers - RSA or DSA?

Length - The length of your encryption key. Longer is stronger. However, for longer keys, you may need to request your system administrator to install the JCE Unlimited Strength Jurisdiction Policy Files. Need insights for choosing key lengths? Read Choosing Key Lengths for Encrypted File Transfers

You may also optionally enter a file password to add a layer of protection to your key file.

Click the Generate button as soon as you're done.

You'll then be asked whether to open or save the file. Choose Save File and then specify the local directory where you'd like to save your file. This file is your PGP private key and is what you'll use to decrypt any file that's been encrypted by this key's corresponding public key.

Important! Make sure you place the file in a safe location and remember where you place it. Otherwise, you won't be able to decrypt files that are encrypted by that private key's corresponding public key.


09 mft server 9 openpgp key download resized 600

 

Once you get back to the main screen, you'll notice a new directory named .pgp under your home directory.

 

10 mft server 9 pgp folder resized 600

 

Then if you navigate into that directory, you'll also see a file named key.pub. This file is your private key's corresponding public key and will be used to encrypt files uploaded to virtual paths you have access to that have PGP encryption enabled. Remember that only one PGP public key may be associated with each account. Generating a new key pair or importing a new public key will overwrite the existing public key file.

 

Option 3: Using a 3rd party PGP tool

Lastly, you can use any reliable PGP tool. One of the tools I recommend is GPG. Here's how you use it to generate keys. 

Launch the app and click the New icon.

 

12 gpg keychain resized 600

 

Enter pertinent information as in the previous options and then click the Generate key button.

 

13 create pgp key gpg resized 600

 

Enter a passphrase.

Important: Write down or print this passphrase and then place it in a secret location. You'll need it when you import your private key to the server.

 

14 enter pgp passphrase resized 600

 

GPG will want to make sure this is the passphrase you really want and that you remember it. Re-enter the passphrase when prompted to.

 

15 re enter pgp passphrase resized 600

 

You should then see your newly created PGP key pair on the GPG main screen.

 

16 new pgp key resized 600

 

In order to use these keys on JSCAPE MFT Server, you'll need to import them there. In other words, you'll have to export them from GPG first. To export, just right-click on the key you want to export and then select Export

 

17 export pgp public key resized 600

 

If all you need is the public key, navigate to a directory where you want to save the public key file and then click the Save button. However, if what you need is the private key, make sure you tick the checkbox that says Allow secret key export before clicking Save.

 

18 save pgp public key resized 600

 

You can then import that file into JSCAPE MFT Server. If you scroll back to the screenshots we showed you in the first two options, you'll notice there's a button/link for importing.

Note that, when you export using GPG with the Allow secret key export checked, the exported file will contain both the public key and the private key. If you try to import that file into JSCAPE MFT Server, you may get an error because the server will only be looking for one key at a time (either the public key or the private key).

This is usually a problem only if what you want to import is the secret key or private key. Importing the public key doesn't pose any problems because when you export the public key on GPG, you won't have to tick the Allow secret key export checkbox anyway. Thus, the exported file will contain the public key alone.

To solve the problem when importing private keys into JSCAPE MFT Server, just open the exported file with a text editor and delete the entire public key block. After that, you can import the file as normal.

That's it! Now you know three ways of generating PGP keys. If you want to try this out yourself, download a copy of JSCAPE MFT Server now. 

 

Recommended download

 

Download Now

 

Topics: JSCAPE MFT Server, Managed File Transfer, OpenPGP, Secure File Transfer