API status

Generating & exporting a PGP key

In this chapter we will show you step by step how to create a PGP key. This key type is used for

  • encrypting the document containing your credentials for the Investment API
  • encrypting files that are made available to you via the Investment API.

Please be aware that a separate PGP key pair is required for each of the use cases mentioned.

Prerequisites

  • Before you start, contact your IT Security team to comply with your company's key management policies.

  • A prerequisite for generating the PGP key is that you have already downloaded and installed the GPG command line tools for your operating system.

1. Creating a key pair

Note that it is mandatory to encrypt the key.

  1. Open the terminal app.

  2. Generate a key by running gpg --full-generate-key.

  3. During key generation, you can define the following specifications according to your requirements:


    Example RSA key generation

    Please select what kind of key you want:
(1) RSA and RSA
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(9) ECC (sign and encrypt) *default*
(10) ECC (sign only)
(14) Existing key from card

    We recommend RSA/RSA.



  4. Finally, confirm your settings with Y.


  5. Specify your real name and email address that will be associated with this key.


  6. Optionally, you can enter a comment.


    We recommend specifying the purpose for which you are creating the key here. For example,

    • Upvest Investment API credentials issuance or
    • Upvest Investment API file download You need separate PGP keys for these two use cases in order to be able to work with the Investment API.

  7. To complete the key generation, press O.


  8. You are prompted to enter a passphrase to protect your new key.


2. List your keys

You can use the following command to list your generated keys:

gpg --list-keys

3. Export & share your public key

After you have successfully created your PGP key pair, you must export it and provide us with the public key.

  1. This command allows you to export the public PGP key:

    Example

    gpg --export --armor --output [jane_doe]_pgp.public_key.asc [jane.doe@example.com]

    Replace the ID-specific information in the square brackets with your own ID.


  2. Submit your PGP public key that looks like this to Upvest:


    -----BEGIN PGP PUBLIC KEY BLOCK----- 
[PGP key] 
-----END PGP PUBLIC KEY BLOCK-----

4. Export your private key

Export your PGP private key to a file so that you can securely back it up.

  1. Use the following command to export your private key:

    Example

        gpg --export-secret-keys --armor --output [jane_doe]_pgp.private_key.asc [jane.doe@example.com]

  2. Back up your private key and make sure that you also save your passphrase.


    For security reasons, we recommend that you save the passphrase separately.

Was this page helpful?