Generating & exporting a PGP key

In this chapter we will show you step by step how to create a PGP key. This key type is used for

  • encrypting the document containing your credentials for the Investment API
  • encrypting files that are made available to you via the Investment API.

WARNING

Please be aware that a separate PGP key pair is required for each of the use cases mentioned.


Prerequisites

Before you start, contact your IT Security team to comply with your company's key management policies.

A prerequisite for generating the PGP key is that you have already downloaded and installed the GPG command line tools for your operating system.

1. Creating a key pair

  1. Open the terminal app.

  2. Generate a key by running gpg --full-generate-key.

  3. During key generation, you can define the following specifications according to your requirements:

    • type of encryption
    • key size
    • expiration date for the key.

  4. Finally, confirm your settings with Y.

  5. Specify your real name and email address that will be associated with this key.

  6. Optionally, you can enter a comment.

    We recommend specifying the purpose for which you are creating the key here, for example:

    • Upvest Investment API credentials issuance or
    • Upvest Investment API file download

    You need separate PGP keys for these two use cases in order to be able to work with the Investment API.

  7. To complete the key generation, press O.

  8. You are prompted to enter a passphrase to protect your new key.

TIP

We recommend

  • RSA/RSA
  • key size of 4096 bits to ensure the highest possible security
  • no expiration time (press Enter during the prompt).

2. List your keys

You can use the following command to list your generated keys:

gpg --list-keys

3. Export & share your public key

After you have successfully created your PGP key pair, you must export the public key and provide it to us.

  1. This command allows you to export the public PGP key:

    Example

    gpg --export --armor --output [jane_doe]_pgp.public_key.asc [jane.doe@example.com]

    Replace the ID-specific information in the square brackets with your own ID.

  2. Submit your PGP public key to Upvest. It looks like this:

    -----BEGIN PGP PUBLIC KEY BLOCK----- 
    [PGP key] 
    -----END PGP PUBLIC KEY BLOCK-----

4. Export your private key

Export your PGP private key to a file so that you can securely back it up.

  1. Use the following command to export your private key:

    Example

    gpg --export-secret-keys --armor --output [jane_doe]_pgp.private_key.asc [jane.doe@example.com]

  2. Back up your private key and make sure that you also save your passphrase.

INFO

For security reasons, we recommend that you save the passphrase separately.
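
The export commands in sections 3 and 4 write files with nearly identical names, and only the public one may leave your machine. The following pre-submission check is an added example, not part of the original guide or of any Upvest tooling; the function name `check_public_export` is hypothetical, and it assumes `awk`, `od` and a `base64` that accepts `-d` are available.

```shell
#!/bin/sh
# Added example: refuse to hand over anything that is not a public key export.
# check_public_export FILE returns 0 only for an armored *public* key block.
check_public_export() {
    file=$1
    if [ ! -s "$file" ]; then
        echo "missing or empty: $file" >&2; return 2
    fi
    # 1. Armor markers: any private-key marker is an immediate refusal.
    if grep -q -e '-----BEGIN PGP PRIVATE KEY BLOCK-----' "$file"; then
        echo "REFUSE: $file contains a private key block" >&2; return 1
    fi
    first=$(tr -d '\r' < "$file" | grep -v '^[[:space:]]*$' | head -n 1)
    last=$(tr -d '\r' < "$file" | grep -v '^[[:space:]]*$' | tail -n 1)
    if [ "$first" != '-----BEGIN PGP PUBLIC KEY BLOCK-----' ] ||
       [ "$last" != '-----END PGP PUBLIC KEY BLOCK-----' ]; then
        echo "REFUSE: $file is not a single armored public key block" >&2
        return 1
    fi
    # 2. Do not trust the label alone: decode the first line of the base64
    #    body (it follows the blank line after the armor headers) and read
    #    the OpenPGP packet tag from the first byte.
    body=$(tr -d '\r' < "$file" | awk '
        /^-----BEGIN PGP / { armor = 1; next }
        armor && /^$/      { data = 1; next }
        data               { print; exit }')
    tag=$(printf '%s' "$body" | base64 -d 2>/dev/null | od -An -tx1 -N1 | tr -d ' \n')
    case $tag in
        98|99|9a|9b|c6) return 0 ;;                    # tag 6: public key
        94|95|96|97|c5)                                # tag 5: secret key
            echo "REFUSE: $file carries a secret key packet" >&2; return 1 ;;
        *)  echo "REFUSE: cannot read key packet in $file" >&2; return 1 ;;
    esac
}

# Run as a script: sh check_export.sh [jane_doe]_pgp.public_key.asc
if [ "$#" -gt 0 ]; then
    check_public_export "$1" && echo "OK to submit: $1"
fi
```

A file that passes can additionally be inspected with `gpg --show-keys`, which prints the key's details without importing it, so the fingerprint can be compared with the output of `gpg --list-keys`.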