You can create new key pairs for OpenPGP encryption using the OpenPGP Key Generation Wizard. (OpenPGP uses public-key cryptography and includes a system that binds public keys to a user name.) The key pair file is saved in C:\Documents and Settings\All Users\Application Data\Globalscape\EFT Server Enterprise or \EFT Server.
EFT Server can create the following types of keys for OpenPGP:
RSA: If you select RSA, the library generates the new standard RSA key pair format by default. The new format supports features previously available only to DSS/DH keys: you can have a primary key for signing and a subkey for encrypting data, and the encryption key (the subkey) can be revoked or given a different expiration date than its primary key. A new subkey can always be added to a primary key and used for encrypting data. New RSA keys are compatible with newer OpenPGP clients; they are not compatible with older PGP clients that are not compliant with RFC 2440, such as PGP 2.6.x.
RSA Legacy: In EFT Server, the PGP library gives you the option to generate RSA Legacy keys that are compatible with older versions of OpenPGP. Old OpenPGP clients are compliant with RFC 1991 only, not RFC 2440. RSA Legacy keys created in EFT Server are compatible with CuteFTP, and any keys created in CuteFTP will work in EFT Server; however, new RSA keys created in EFT Server are not compatible with CuteFTP, because CuteFTP uses an older library.
For information about Diffie-Hellman key exchange, refer to http://en.wikipedia.org/wiki/Diffie-Hellman. For information about RSA, refer to http://en.wikipedia.org/wiki/RSA.
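Before exchanging a key with a partner who runs an older client, you can check which format an exported public key uses. The following Python sketch is an added example, not Globalscape code: it reads the packet headers of a binary (de-armored) OpenPGP key and reports each key's version, algorithm and size. It assumes that the RSA Legacy option produces RFC 1991-style version 3 key packets and the other key types produce RFC 2440 version 4 packets with subkeys; the sample bytes are constructed with dummy key material.

```python
ALGOS = {1: "RSA", 2: "RSA encrypt-only", 3: "RSA sign-only", 16: "Elgamal", 17: "DSA"}
KEY_TAGS = {6: "primary", 14: "subkey"}   # public-key / public-subkey packet tags

def read_packets(data):
    """Yield (tag, body) for each packet of a binary (de-armored) OpenPGP key."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                    # new-format header (RFC 2440 onward)
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body length not supported here")
        else:                             # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported here")
            size = 1 << ltype             # 1-, 2- or 4-byte length field
            length, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def describe_keys(data):                  # one dict per key or subkey packet
    report = []
    for tag, body in read_packets(data):
        if tag in KEY_TAGS:
            version = body[0]
            mpi = 8 if version <= 3 else 6   # v2/v3 carry 2 extra validity bytes
            report.append({"role": KEY_TAGS[tag], "version": version, "legacy": version <= 3,
                           "algorithm": ALGOS.get(body[mpi - 1], "other"),
                           "bits": int.from_bytes(body[mpi:mpi + 2], "big")})
    return report

def _pkt(tag, body):                      # old-format header with 2-byte length
    return bytes([0x80 | tag << 2 | 1]) + len(body).to_bytes(2, "big") + body
# Constructed samples (dummy key material; user ID and signature packets omitted).
_MPIS = b"\x08\x00\x80" + bytes(255) + b"\x00\x11\x01\x00\x01"   # 2048-bit n, e=65537
_V4 = b"\x04\x4a\x00\x00\x00\x01" + _MPIS                        # version, time, RSA
NEW_RSA = _pkt(6, _V4) + _pkt(14, _V4)                           # primary + subkey
LEGACY_RSA = _pkt(6, b"\x03\x4a\x00\x00\x00\x00\x00\x01" + _MPIS)  # v3, no subkey
```

A result with `"legacy": True` indicates the older format; a version 4 primary key followed by a subkey indicates the newer format, which clients limited to RFC 1991 cannot read.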
To access the Key Ring Manager and use the OpenPGP Key Generation Wizard
If you have made any configuration changes, click Apply and/or Refresh before creating the key pair; otherwise, key creation will fail.
In the Administrator, connect to EFT Server and click the Server tab.
In the left pane, click the Site you want to configure.
In the right pane, click the Security tab. The OpenPGP security settings are in the Data Security area at the bottom of the tab.
Next to OpenPGP security, click Configure. The OpenPGP Security dialog box appears.
Click Create. The OpenPGP Key Generation Wizard appears.
Read the instructions on the welcome page, then click Next. The Parameters page appears.
In the Full name box, provide your name or another contact's name.
In the E-mail address box, provide an e-mail address.
In the Key cipher box, click the list to specify a cipher to use: IDEA, 3-DES (the default), CAST5, AES128, AES192, AES256, or TWOFISH.
In the Key type box, click Diffie-Hellman/DSS, RSA, or RSA legacy.
Specify the Key length (1024, 2048, 3072, or 4096). Larger bit sizes increase security, but increase encryption time.
Specify the Key expiration date, or never.
Click Next. The passphrase page appears.
Type your passphrase in the Passphrase and Confirmation boxes. The passphrase is case sensitive and must contain a minimum of 8 characters. For better security, the passphrase should contain a mix of alphanumeric (both upper and lower case) and non-alphanumeric characters. Select the Hide typing check box to display asterisks instead of the passphrase.
Click Next. The Site page appears.
Clear the Use this key pair as default key pair for this Site check box if the key is for a client or you do not want this key pair to be the default for the Site. Otherwise, select the check box and click the list to specify the Site, if different from the one displayed in the box.
Click Finish to generate the key pair. A message appears informing you that it might take several minutes to generate the key pair.
Click OK to close the notification dialog box. A message appears indicating that the key was generated successfully and added to the EFT Server key ring.
Click OK to close the notification dialog box. If you selected the Use this key pair check box, the new key pair appears in the OpenPGP Security dialog box.
If you want to enable debug logging for this key, select the check box and specify a logging level and the log file path.
Click OK to save your changes and close the OpenPGP Security dialog box.
Click Apply to save the changes on EFT Server.
Deleting Key Pairs for OpenPGP