Creating Key Pairs for OpenPGP

You can create new key pairs for OpenPGP encryption using the OpenPGP Key Generation Wizard. The key pair file is saved in C:\Documents and Settings\All Users\Application Data\Globalscape\EFT Server Enterprise or \EFT Server. On Windows 2008, Application Data files for all users are in a hidden folder named %systemroot%\ProgramData instead of under Documents and Settings\All Users\Application Data.

EFT Server can create the following types of keys for OpenPGP:

For information about Diffie-Hellman key exchange, refer to http://en.wikipedia.org/wiki/Diffie-Hellman.

For information about RSA, refer to http://en.wikipedia.org/wiki/RSA.

To access the Key Ring Manager and use the OpenPGP Key Generation Wizard

If you have made any configuration changes, click Apply and/or Refresh before creating the key pair; otherwise, key creation will fail.

If you attempt remote management of keys, you may encounter unexpected behavior.

  1. In the administration interface, connect to EFT Server and click the Server tab.

  2. In the left pane, click the Site you want to configure.

  3. In the right pane, click the Security tab. The OpenPGP security settings are in the Data Security area at the bottom of the tab.

  4. Next to OpenPGP security, click Configure. The OpenPGP Security dialog box appears.

  5. Click Create. The OpenPGP Key Generation Wizard appears.

  6. Read the instructions on the welcome page, then click Next. The Parameters page appears.

  7. In the Full name box, provide your name or another contact's name.

  8. In the E-mail address box, provide an e-mail address.

  9. In the Key cipher box, click the list to specify a cipher to use: IDEA, 3-DES (the default), CAST5, AES128, AES192, AES256, or TWOFISH.

  10. In the Key type box, click Diffie-Hellman/DSS, RSA, or RSA legacy.

  11. Specify the Key length (1024, 2048, 3072, or 4096). Larger bit sizes increase security, but increase encryption time.

  12. Specify the Key expiration date, or never.

  13. Click Next. The passphrase page appears.

  14. Type your passphrase in the Passphrase and Confirmation boxes. The passphrase is case sensitive and must contain a minimum of 8 characters. For better security, the passphrase should contain a mix of alphanumeric (both upper and lower case) and non-alphanumeric characters. Select the Hide typing check box to display asterisks instead of the passphrase.

  15. Click Next. The Site page appears.

  16. Clear the Use this key pair as default key pair for this Site check box if the key is for a client or you do not want this key pair to be the default for the Site. Otherwise, select the check box and click the list to specify the Site, if different from the one displayed in the box.

  17. Click Finish to generate the key pair. A message appears informing you that it might take several minutes to generate the key pair.

  18. Click OK to close the notification dialog box. A message appears indicating successful generation of the key and addition to EFT Server key ring.

  19. Click OK to close the notification dialog box. If you selected the Use this key pair check box, the new key pair appears in the OpenPGP Security dialog box.

  20. If you want to enable debug logging for this key, select the check box and specify a logging level and the log file path.

  21. Click OK to save your changes and close the OpenPGP Security dialog box.

  22. Click Apply to save the changes on EFT Server.
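To confirm that a generated key has the Key type and Key length chosen in steps 10 and 11, you can inspect its exported public key. The following is an added example, not part of the EFT Server documentation or product: a small Python parser for binary OpenPGP public-key packets (RFC 4880) that reports each key's packet version, algorithm, and size. Assumptions: the key is exported in binary (non-armored) form, "RSA legacy" corresponds to the older v3 key format, and min_bits=2048 is a policy threshold chosen for illustration; sample_key builds constructed test packets, not real keys.

```python
# Public-key algorithm IDs from RFC 4880 that match the wizard's key types.
ALGOS = {1: "RSA", 16: "Elgamal (Diffie-Hellman)", 17: "DSA (DSS)"}

def read_header(buf, pos):
    """Return (tag, body_start, body_len) for the packet header at pos."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet")
    if first & 0x40:  # new-format header
        tag, l0 = first & 0x3F, buf[pos + 1]
        if l0 < 192:
            return tag, pos + 2, l0
        if l0 < 224:
            return tag, pos + 3, ((l0 - 192) << 8) + buf[pos + 2] + 192
        if l0 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        raise ValueError("partial body lengths not supported")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 3:
        raise ValueError("indeterminate length not supported")
    size = (1, 2, 4)[ltype]
    return tag, pos + 1 + size, int.from_bytes(buf[pos + 1:pos + 1 + size], "big")

def audit_keys(buf, min_bits=2048):  # min_bits: assumed policy threshold
    """Report version, algorithm, size and findings for each public (sub)key."""
    report, pos = [], 0
    while pos < len(buf):
        tag, start, length = read_header(buf, pos)
        body, pos = buf[start:start + length], start + length
        if tag not in (6, 14) or body[0] not in (3, 4):  # key packets, v3/v4 only
            continue
        off = 7 if body[0] == 3 else 5  # v3 carries a 2-byte validity field
        bits = int.from_bytes(body[off + 1:off + 3], "big")  # first MPI: n or p
        findings = ["v3 key format"] if body[0] == 3 else []
        if bits < min_bits:
            findings.append(f"{bits}-bit key below {min_bits}")
        report.append({"version": body[0], "bits": bits, "findings": findings,
                       "algorithm": ALGOS.get(body[off], f"id {body[off]}")})
    return report

def sample_key(version, bits):
    """Constructed RSA public-key packet for the demo (not a real key)."""
    mpi = lambda n: n.bit_length().to_bytes(2, "big") + n.to_bytes((n.bit_length() + 7) // 8, "big")
    body = bytes([version]) + b"\x00\x00\x00\x01" + (b"\x00\x00" if version == 3 else b"")
    body += b"\x01" + mpi((1 << (bits - 1)) | 1) + mpi(65537)
    return b"\x99" + len(body).to_bytes(2, "big") + body

if __name__ == "__main__":
    for row in audit_keys(sample_key(4, 4096) + sample_key(4, 1024) + sample_key(3, 2048)):
        print(row)
```

An ASCII-armored export must be converted to binary before it is passed to audit_keys.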

Related Topics

OpenPGP and EFT Server

OpenPGP Key Ring Manager

Deleting Key Pairs for OpenPGP

Importing and Exporting Key Pairs for OpenPGP

Viewing and Changing Key Pair Path Settings