You can create new key pairs for OpenPGP (Uses public-key cryptography and includes a system that binds the public keys to a user name.) encryption using the OpenPGP Key Generation Wizard. The key pair file is saved in C:\Documents and Settings\All Users\Application Data\Globalscape\EFT Server Enterprise or \EFT Server.
EFT Server can create the following types of keys for OpenPGP:
RSA: If you select RSA, the library generates the new standard RSA key pair format by default--keys that are compatible with newer OpenPGP clients. The new RSA key format supports features previously available only to DSS/DH keys. The new RSA key format enables you to have a primary key for signing and a subkey to encrypt data. In addition, the encryption key (the subkey) can be revoked or have a different expiration date as its primary key. A new subkey can always be added to a primary key and be used for encrypting data. New RSA keys are compatible with newer versions of OpenPGP. The library generates the new and improved RSA key format by default. These keys are not compatible with older PGP clients that are not compliant with RFC 2440 such as PGP 2.6.x.
Legacy: In EFT Server, the PGP library gives you the option to
generate RSA Legacy keys that are compatible with older versions of OpenPGP.
Old OpenPGP clients are compliant with RFC 1991 only, not RFC 2440.
RSA Legacy keys created in EFT Server are compatible with CuteFTP, and any keys created in CuteFTP will work in EFT Server; however, new RSA keys created in EFT Server are not compatible with CuteFTP, because CuteFTP uses an older library.
For information about Diffie-Hellman key exchange, refer to http://en.wikipedia.org/wiki/Diffie-Hellman.
For information about RSA, refer to http://en.wikipedia.org/wiki/RSA.
To access the Key Ring Manager and use the OpenPGP Key Generation Wizard
If you have made any configuration changes, click Apply and/or Refresh before creating the key pair; otherwise, key creation will fail.
If you attempt remote management of keys, you may encounter unexpected behavior.
In the EFT Server administration interface, connect to EFT Server and click the Server tab.
In the left pane, click the Site you want to configure.
In the right pane, click the Security tab. The OpenPGP security settings are in the Data Security area at the bottom of the tab.
Next to OpenPGP security, click Configure. The OpenPGP Security dialog box appears.
The OpenPGP Key Generation Wizard
Read the instructions on the welcome page, then click
Next. The Parameters
In the Full name box, provide your name or another contact's name.
In the E-mail address box, provide an e-mail address.
In the Key cipher box, click the list to specify a cipher to use: IDEA, 3-DES (the default), CAST5, AES128, AES192, AES256, or TWOFISH.
In the Key type box, click Diffie-Hellman/DSS, RSA, or RSA legacy.
Specify the Key length (1024, 2048, 3072, or 4096). Larger bit sizes increase security, but increase encryption time.
Specify the Key expiration date, or never.
The passphrase page appears.
Type your passphrase in the Passphrase and Confirmation boxes. The passphrase is case sensitive and must contain a minimum of 8 characters. For better security, the passphrase should contain a mix of alphanumeric (both upper and lower case) and non-alphanumeric characters. Select the Hide typing check box to display asterisks instead of the passphrase.
The Site page appears.
Clear the Use this key pair as default key pair for this Site check box if the key is for a client or you do not want this key pair to be the default for the Site. Otherwise, select the check box and click the list to specify the Site, if different from the one displayed in the box.
Click Finish to generate the key pair. A message appears informing you that it might take several minutes to generate the key pair.
Click OK to close the notification dialog box. A message appears indicating successful generation of the key and addition to EFT Server key ring.
Click OK to close the notification dialog box. If you selected the Use this key pair check box, the new key pair appears in the OpenPGP Security dialog box.
If you want to enable debug logging for this key, select the check box and specify a logging level and the log file path.
Click OK to save your changes and close the OpenPGP Security dialog box.
Click Apply to save the changes on EFT Server.
OpenPGP and EFT Server
OpenPGP Key Ring Manager
Deleting Key Pairs for OpenPGP
Importing and Exporting Key Pairs for OpenPGP
Viewing and Changing Key Pair Path Settings