Skip to content
Documentation/
/
/
Creating PGP Keys

Generating & exporting a PGP key

In this chapter we will show you step by step how to create a PGP key. This key type is used for

  • encrypting the document containing your credentials for the Investment API
  • encrypting files that are made available to you via the Investment API.

Please be aware that a separate PGP key pair is required for each of the use cases mentioned.

Prerequisites

  • Before you start, contact your IT Security team to comply with your company's key management policies.

  • A prerequisite for generating the PGP key is that you have already downloaded and installed the GPG command line tools for your operating system.

1. Creating a key pair

Note that it is mandatory to encrypt the key.

1

Open the terminal app.

2

Generate a key by running gpg --full-generate-key.

3

During key generation, you can define the following specifications according to your requirements:

Example RSA key generation

Please select what kind of key you want:
(1) RSA and RSA
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(9) ECC (sign and encrypt) *default*
(10) ECC (sign only)
(14) Existing key from card

We recommend RSA/RSA.

4

Finally, confirm your settings with Y.

5

Specify your real name and email address that will be associated with this key.

6

Optionally, you can enter a comment.

We recommend specifying the purpose for which you are creating the key here. For example,

  • Upvest Investment API credentials issuance or
  • Upvest Investment API file download

You need separate PGP keys for these two use cases in order to be able to work with the Investment API.

7

To complete the key generation, press O.

8

You are prompted to enter a passphrase to protect your new key.

2. List your keys

You can use the following command to list your generated keys:

gpg --list-keys

3. Export & share your public key

After you have successfully created your PGP key pair, you must export it and provide us with the public key.

1

This command allows you to export the public PGP key using your Key ID:

Example

gpg --export --armor --output jane_doe_pgp.public_key.asc ABCD1234EF567890

Replace the ID-specific information in the example (e.g., ABCD1234EF567890) with your own Key ID.

To help find your Key ID, you can use the following command to list all available keys:

gpg --list-keys
2

Submit your PGP public key that looks like this to Upvest:

-----BEGIN PGP PUBLIC KEY BLOCK----- 
[PGP key] 
-----END PGP PUBLIC KEY BLOCK-----

4. Export your private key

Export your PGP private key to a file so that you can securely back it up.

1

Use the following command to export your private key:

Example

gpg --export-secret-keys --armor --output [jane_doe]_pgp.private_key.asc [jane.doe@example.com]
2

Back up your private key and make sure that you also save your passphrase.

For security reasons, we recommend that you save the passphrase separately.