PGP Keys

PGP Public and Private Keys (PGP Keys) are cryptographic Credentials used for file encryption, decryption, and digital signature verification. Unlike SSH keys (see Public Keys and Private Keys), which are tightly integrated into the connection process, PGP Keys are created and stored in UDMG but used externally via the UDMG OpenPGP extension for UAC.

PGP (Pretty Good Privacy) uses asymmetric encryption, which relies on a pair of keys that work together:

  • A PGP Public Key encrypts files and verifies digital signatures.
  • A PGP Private Key decrypts files and signs content.

UDMG stores both key types for secure use in automated file handling processes.

Key Validation

PGP Keys stored in UDMG are checked only to confirm that they are in the correct PGP Key format. UDMG does not validate the key itself, including its algorithms and dates.

Info: UDMG parses the key for format validation and shows some key information in the Credential Details.

Key Types

UDMG allows any of the following types:

  • Rivest-Shamir-Adleman (RSA)
  • Digital Signature Algorithm (DSA)
    • Only accepts 1024 bytes
  • Elliptic Curve Cryptography (ECC)
  • ED25519

PGP Keys can be passphrase protected, but the passphrase is not managed or stored in UDMG. If your key requires a passphrase, store it separately in Universal Controller or another external system.

Use Cases

| # | Credential Type | Used In | Purpose |
|---|---|---|---|
| 1 | PGP Public Key | Used by the UDMG OpenPGP extension for UAC. | Encrypt, verify signatures |
| 2 | PGP Private Key | Used by the UDMG OpenPGP extension for UAC. | Decrypt, sign |

PGP Public Keys

PGP Public Keys are used to encrypt files sent to a partner or to verify digital signatures on received content. They are referenced by the UDMG OpenPGP extension for UAC to process files.

Implementation

  1. A PGP public key is generated outside of UDMG.
  2. A new Credential (with Type: PGP Public Key) is created on the Credentials page with the key from Step 1.
  3. UAC retrieves the key via the UDMG OpenPGP extension.

PGP Private Keys

PGP Private Keys are used to decrypt incoming files or digitally sign outbound content. They are referenced by the UDMG OpenPGP extension for UAC to process files.

Implementation

  1. A PGP private key is generated outside of UDMG (e.g., by your organization).
  2. A new Credential (with Type: PGP Private Key) is added on the Credentials page with the key from Step 1.
  3. UAC retrieves the key via the UDMG OpenPGP extension.

Adding a PGP Public or Private Key

To add a PGP Key Credential, follow these steps:

  1. From the Sidebar, click Configuration > Credentials.
  2. Click Add Credential.
  3. Select PGP Private Key or PGP Public Key as the Credential Type.
  4. Enter an identifying Name and Description, and optionally Valid From and Valid To dates.
  5. Enter or paste in the Key.
  6. Click Add.

Field Descriptions

The following table lists all fields that can be completed when adding (or editing) a PGP Key:

| Name | Description | Specifications | Required |
|---|---|---|---|
| Type | Type of Credential. | Select: PGP Private Key or PGP Public Key. The type cannot be modified after creation. | Yes |
| Name | The name of the PGP Key. | | Yes |
| Description | The description of the PGP Key. | | No |
| Valid From | Date when the Credential becomes valid. | Cannot be later than Valid To date. | Yes |
| Valid To | Date when the Credential becomes invalid. Info: UDMG does not check if the Credential is valid. The dates entered on the Credential are only meant to help Users keep track of expiration dates. | Cannot be earlier than Valid From date. | Yes |
| Key | Raw cryptographic data of the key. The metadata is parsed automatically. | PGP Public Key values are visible in the UI. PGP Private Key values are masked and encrypted after saving. | Yes |

Editing a PGP Key

To edit a PGP Key Credential, follow these steps:

  1. From the Sidebar, select Configuration > Credentials.
  2. Click the Name of the PGP Key you want to edit.
  3. Click the Edit button above the details to edit the specific fields.
  4. Edit details for the PGP Key, using the Field Descriptions above as a guide.
  5. Click Update.

Managing PGP Keys

Viewing PGP Key Details

To view the details of a PGP Key, follow these steps:

  1. From the Sidebar, click Configuration > Credentials.
  2. Click the Name of the PGP Key Credential you want to view.
  3. To see the PGP Private Key value, which is not visible after Credential creation, System and Domain Administrators can use the authenticated Reveal API.

PGP Key Metadata

Credential details include all parameters given in the Field Descriptions table above, plus the following read-only metadata:

| Name | Description |
|---|---|
| UUID | Universally Unique Identifier of this PGP Key. |
| Enabled | Credential's Enabled status. If enabled, field is set to True. |
| Version | Version number of the latest configuration of the Credential, including changes to the Enabled status. |
| Created | Date and time this PGP Key was created. |
| Updated | Date and time this PGP Key was last updated. |
| Key ID | A shortened identifier derived from the key, typically the last 8 or 16 hexadecimal characters of the fingerprint. |
| Fingerprint | A unique cryptographic hash (usually SHA-1, displayed as 40 hex characters) of the entire key. This is the definitive identifier for a key and is used to verify authenticity. |
| User IDs | Identity of the key owner, including the owner's name and email address. |
| Private | Boolean indicating if the PGP key is a Private PGP Key. |
| Can Encrypt? | Boolean indicating if the key has encryption capabilities. |
| Can Sign? | Boolean indicating if the key can create digital signatures. |
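
Because UDMG checks only the key format (see Key Validation), the algorithm, key size and creation date can be checked independently before a public key is uploaded, and the Fingerprint and Key ID shown in the Credential Details can be compared against values derived from the same key material. The following is an added example, not UDMG or Stonebranch code: the function names are hypothetical, it handles only a binary (de-armored) version 4 public-key packet, and the sample packet is constructed with dummy values.

```python
import hashlib
import struct
from datetime import datetime, timezone

ALGORITHMS = {1: "RSA", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}  # OpenPGP IDs

def read_packet(data):
    """Return (tag, body) of the first packet in binary (de-armored) OpenPGP data."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:  # new-format header
        tag, n = first & 0x3F, data[1]
        if n < 192:
            start, length = 2, n
        elif n < 224:
            start, length = 3, ((n - 192) << 8) + data[2] + 192
        elif n == 255:
            start, length = 6, int.from_bytes(data[2:6], "big")
        else:
            raise ValueError("partial body length is not valid for a key packet")
    else:  # old-format header: low two bits select 1, 2 or 4 length octets
        tag, size = (first >> 2) & 0x0F, 1 << (first & 0x03)
        if size == 8:
            raise ValueError("indeterminate length not supported")
        start, length = 1 + size, int.from_bytes(data[1:1 + size], "big")
    return tag, data[start:start + length]

def describe_key(data):
    """Report algorithm, size, creation time, fingerprint and Key ID of a v4 public key."""
    tag, body = read_packet(data)
    if tag != 6 or body[0] != 4:
        raise ValueError("expected a version 4 public-key packet")
    created, algo = struct.unpack(">IB", body[1:6])
    # v4 fingerprint: SHA-1 over 0x99, the two-octet body length, then the body.
    fp = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()
    info = {"algorithm": ALGORITHMS.get(algo, f"unknown ({algo})"),
            "created": datetime.fromtimestamp(created, timezone.utc),
            "fingerprint": fp, "key_id": fp[-16:]}  # Key ID: last 16 hex characters
    if algo in (1, 17):  # first MPI is the RSA modulus n or the DSA prime p
        info["bits"] = struct.unpack(">H", body[6:8])[0]
    return info

def build_sample_packet():
    """Constructed input: v4 RSA public-key packet with dummy MPIs (not a usable key)."""
    body = b"\x04" + struct.pack(">IB", 1700000000, 1)
    body += struct.pack(">H", 2048) + b"\xc3" + b"\x5a" * 255  # dummy 2048-bit modulus
    body += struct.pack(">H", 17) + b"\x01\x00\x01"             # exponent 65537
    return b"\x99" + struct.pack(">H", len(body)) + body
```

An ASCII-armored key must be converted to binary first (for example with `gpg --dearmor`) before it is passed to `describe_key`.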

Enabling and Disabling PGP Keys

PGP Keys can be Enabled or Disabled to control their active status and ability to participate in file transfers. The status defaults to Enabled and can be changed after creation.

  • Enabled (default): The PGP Key is active and available for use.
  • Disabled: The PGP Key is not active and unavailable for use.

To enable or disable a PGP Key, follow these steps:

  1. From the Sidebar, click Configuration > Credentials.
  2. Click the Name of the PGP Key you want to enable/disable.
  3. Click the Enable or Disable button above the PGP Key details, depending on the current status.

Deleting a PGP Key

To delete a PGP Key Credential, follow these steps:

  1. From the Sidebar, click Configuration > Credentials.
  2. Click the Name of the PGP Key you want to delete.
  3. Click the Delete button above the PGP Key details.
  4. You will be asked to confirm the deletion. Click Delete.