Creating a Private/Public Keypair
- Last Updated: April 25, 2024
- MOVEit Automation
- Version 2023.1
- Version 2023
To get started with PGP, you must have at least one private/public keypair in your "My Keys" collection. If you already have a private/public keypair in other PGP software, you can export it from that software and import it into MOVEit Automation. Otherwise, you should generate a key.
- Click Create.

- In the Create Key dialog box, provide the following information:

- Key Length - the length of the key in bits. The longer the key, the more secure it is, but the more processing time is required for cryptographic operations. 1024 bits is sufficient, but many experts prefer 2048 bits. 4096 bits is very long; generating a key of this length might take over 10 minutes.
- Key Format - Both RSA and DSS/DH (Digital Signature Standard / Diffie-Hellman) are widely supported. RSA Legacy might be necessary if you are exchanging encrypted files with someone who is using a very old version of PGP.
IMPORTANT: The previous PGP module for MOVEit Automation, Authora EDGE PGP Library, has been replaced by Didisoft OpenPGP Library for .NET in order to address various limitations. Didisoft does not support generating DSS or RSA Legacy keys, which are options that EDGE SDK does support. For backward compatibility, these options are still available in MOVEit Automation Admin for version 8.1. However, if you attempt to generate a DSS or RSA Legacy key using the new IPSP/Didisoft components, you receive the error message "This version of MOVEit Automation doesn't support generating xxxxx keys".
- Signing Alg - The hash algorithm used for signing the key.
The default for RSA keys is the more secure SHA256, but you might need to choose SHA1 for backwards compatibility with older applications. The default for DSS keys is SHA1, because some older PGP applications do not support algorithms other than SHA1 for DSS keys.
For the best security, select SHA512. You cannot configure the hash algorithm that is used to sign RSA legacy keys.
- Expiration - Shorter expiration times are more secure, because they reduce the amount of damage that could be done if an opponent gains access to your key. However, shorter expiration times are less convenient, because when the key approaches its expiration date, you must generate a new one and send its public component to your correspondents.
- Key Name - This is an arbitrary name associated with the key. It is similar to the Common Name on an SSL certificate.
- Email Address - If provided, this is incorporated into the name of the key. This field is usually not used to address PGP-encrypted email, but instead serves as a point of contact for technical issues involving that PGP key.
- Passphrase - The passphrase used to encrypt the secret key. MOVEit Automation records this passphrase in its encrypted settings file, so you do not have to reenter it when signing or decrypting files. This passphrase is also displayed each time a private/public keypair is exported.
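The following Python code is an added example, not part of the MOVEit Automation documentation: it reads the settings chosen in this dialog (key format, key length, signing hash, expiration) back out of an exported public key, so you can confirm what you are about to send to correspondents. It assumes the export is a binary (non-armored) OpenPGP v4 key as defined in RFC 4880; the function names and the sample key are constructed for illustration.

```python
HASHES = {1: "MD5", 2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512"}
KEY_ALGS = {1: "RSA", 16: "Elgamal (DH)", 17: "DSA (DSS)"}

def read_len(buf, i):
    """Decode a new-format packet or subpacket length; return (length, next index)."""
    if buf[i] < 192:
        return buf[i], i + 1
    if buf[i] < 255:
        return ((buf[i] - 192) << 8) + buf[i + 1] + 192, i + 2
    return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5

def packets(data):
    """Yield (tag, body) for each definite-length packet in a binary key."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0x40:                           # new-format header
            if 224 <= data[i] < 255:
                raise ValueError("partial body lengths are not handled")
            tag, (n, i) = hdr & 0x3F, read_len(data, i)
        else:                                    # old-format header
            size = (1, 2, 4)[hdr & 3]            # IndexError: indeterminate length
            tag, n = (hdr >> 2) & 0x0F, int.from_bytes(data[i:i + size], "big")
            i += size
        yield tag, data[i:i + n]
        i += n

def audit(pubkey):
    """Report key format, key length, signing hash and expiration (days)."""
    report = {"expires_days": None}              # None: no expiration subpacket
    for tag, body in packets(pubkey):
        if tag == 6 and body[0] == 4:            # v4 primary key packet
            report["format"] = KEY_ALGS.get(body[5], body[5])
            report["bits"] = int.from_bytes(body[6:8], "big")   # bit count of first MPI
        elif tag == 2 and body[0] == 4 and 0x10 <= body[1] <= 0x13 and "hash" not in report:
            report["hash"] = HASHES.get(body[3], body[3])       # first certification only
            area, j = body[6:6 + int.from_bytes(body[4:6], "big")], 0
            while j < len(area):                 # walk the hashed subpackets
                n, j = read_len(area, j)
                if area[j] & 0x7F == 9:          # key expiration, seconds after creation
                    report["expires_days"] = int.from_bytes(area[j + 1:j + n], "big") // 86400
                j += n
    return report

def sample_key(bits=2048, alg=1, hash_id=8, days=365):  # constructed, not a usable key
    wrap = lambda tag, body: bytes([0x80 | tag << 2 | 1]) + len(body).to_bytes(2, "big") + body
    key = bytes([4, 0, 0, 0, 0, alg]) + bits.to_bytes(2, "big") + b"\x80" + bytes(bits // 8 - 1)
    # 12-byte hashed area: creation-time subpacket (type 2), key-expiration subpacket (type 9)
    sig = bytes([4, 0x13, alg, hash_id, 0, 12, 5, 2, 0, 0, 0, 0, 5, 9]) + (days * 86400).to_bytes(4, "big") + bytes(4)
    return wrap(6, key) + wrap(13, b"Constructed Key <ops@example.com>") + wrap(2, sig)
```

Calling `audit(sample_key())` returns the four values as a dictionary; to check a real export, pass the bytes of the exported public key file instead of the constructed sample.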