Generating & exporting a PGP key
In this chapter we will show you step by step how to create a PGP key. This key type is used for
- encrypting the document containing your credentials for the Investment API
- encrypting files that are made available to you via the Investment API.
Please be aware that a separate PGP key pair is required for each of the use cases mentioned.
Prerequisites
Before you start, contact your IT Security team to comply with your company's key management policies.
A prerequisite for generating the PGP key is that you have already downloaded and installed the GPG command line tools for your operating system.
1. Creating a key pair
Open the terminal app.
Generate a key by running
gpg --full-generate-key
.During key generation, you can define the following specifications according to your requirements:
- type of encryption
- key size
- expiration date for the key.
Finally, confirm your settings with
Y
.Specify your real name and email address that will be associated with this key.
Optionally, you can enter a comment.
We recommend specifying the purpose for which you are creating the key here. For example,
Upvest Investment API credentials issuance
orUpvest Investment API file download
You need separate PGP keys for these two use cases in order to be able to work with the Investment API.
To complete the key generation, press
O
.You are prompted to enter a passphrase to protect your new key.
We recommend
- RSA/RSA
- key size of 4096 bits to ensure the highest possible security
- no expiration time (press
Enter
during the prompt).
2. List your keys
You can use the following command to list your generated keys:
gpg --list-keys
3. Export & share your public key
After you have successfully created your PGP key pair, you must export it and provide us with the public key.
This command allows you to export the public PGP key:
Example
gpg --export --armor --output [jane_doe]_pgp.public_key.asc [jane.doe@example.com]
Replace the ID-specific information in the square brackets with your own ID.
Submit your PGP public key that looks like this to Upvest:
-----BEGIN PGP PUBLIC KEY BLOCK----- [PGP key] -----END PGP PUBLIC KEY BLOCK----- ```
4. Export your private key
Export your PGP private key to a file so that you can securely back it up.
Use the following command to export your private key:
Example
gpg --export-secret-keys --armor --output [jane_doe]_pgp.private_key.asc [jane.doe@example.com]
Back up your private key and make sure that you also save your passphrase.
For security reasons, we recommend that you save the passphrase separately.