This chapter describes the steps to:
Create a signing certificate
Distribute the certificate to the end-users
It is recommended that the user gets familiar with PGP and public key cryptography in general by reading the links provided in the Technical and procedural choices chapter. See also the eAIP Security Risks and Mitigation Strategies in the eAIP Specification.
Please download and install the following software. You might need administrative privileges or ask your system administrator to perform the installation.
WinPT: Windows Privacy Tray
The procedure to create a PGP key usable for signing the eAIP is:
Generate a PGP public/private key pair
Export the public key
Distribute the public key to the receiving parties
This is done by the person who will be responsible for signing the eAIP package.
Run the WinPT installer which has been downloaded. Follow the instructions on screen.
Install the required modules, as depicted above. This document does not cover all possible uses of the software. Click Next to continue the installation.
In the advanced options, select the options as depicted above. Click Install to proceed with installation.
Once installed, run the WinPT application. You will be prompted by the following:
Click on Yes to have WinPT generate your personal key repository (keyring).
Select Have WinPT to generate a key pair, and click OK.
Enter the following information:
Key type: the public key algorithms used by PGP. Use combined DSA and ELG (DSA signing key with an ElGamal encryption sub-key).
Sub-key size in bits: the size of the ELG sub-key. We recommend at least 2048. Note that the DSA signing key generated by PGP implementations of this generation is fixed at 1024 bits and signs with SHA-1, which is below current recommendations; if the software offers RSA, prefer an RSA key of at least 2048 bits for signing.
User name: the name of the signing entity.
Comment: information complementing the User name.
E-mail address: an e-mail address where signing entity can be reached.
Key expiration: the date until which this key is valid.
Pass-phrase: choose a strong pass-phrase to protect the private key. Repeat it to confirm it.
Click on Start to generate the key pair.
You may choose to follow the advice of the software and make a backup.
Select a safe location for the backup of your keyring. The backup contains your private key, so store it on removable media kept under lock rather than on a shared drive.
To verify packages you will sign, end users must have a copy of your public key. Therefore you must export it and distribute it to your audience. Only the public key is ever distributed; the private key stays on the signing machine.
The steps are:
To find your key's fingerprint, you must be running WinPT.
Right-click on the WinPT tray box icon (bottom right of your screen), and select Key Manager.
Right-click on the key and select Key Properties.
Note down the fingerprint. Publish it through a channel separate from the key file itself (for example in printed documentation or on an official web page), so that recipients can check that the public key they received is the genuine one.
To export your public key, you must be running WinPT.
Right-click on the WinPT tray box icon (bottom right of your screen), and select Key Manager.
In the Key Manager window, select in the Key menu the Export... option.
Choose where to save the key. Leave the filename at its default value. This file will then be distributed to all recipients of the signed eAIP packages. Before distributing it, make sure the exported file contains the public key only, and that its fingerprint matches the one noted from the Key Properties dialog.
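The following is an added example, not part of the original document or of the WinPT software: a small Python script that inspects an exported OpenPGP key file before it is distributed. It walks the packets of a binary key file, refuses the file if it contains any secret-key packet (the mistake of exporting the private key instead of the public one), and computes the v4 fingerprint defined in RFC 4880 section 12.2 so it can be compared with the fingerprint noted from the Key Properties dialog. The sample key bytes at the bottom are constructed for the example with placeholder MPI values; they are not a real key.

```python
"""Inspect an exported OpenPGP public key file before distributing it.

Added example (not from the eAIP documentation or WinPT). Checks that the
file holds only public-key material and computes the v4 fingerprint so it
can be compared with the fingerprint noted in the Key Properties dialog.
"""
import hashlib
import struct

SECRET_KEY_TAGS = {5, 7}               # secret key, secret subkey
ALGO_NAMES = {1: "RSA", 16: "ELG", 17: "DSA"}


def iter_packets(data):
    """Yield (tag, body) for each packet in binary OpenPGP data.

    Handles old-format and new-format packet headers (RFC 4880 section 4.2);
    partial-length and indeterminate-length packets are rejected.
    """
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet at offset %d" % pos)
        if ctb & 0x40:                      # new-format header
            tag = ctb & 0x3F
            first = data[pos + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length = ((first - 192) << 8) + data[pos + 2] + 192
                hdr = 3
            elif first == 255:
                length = struct.unpack(">I", data[pos + 2:pos + 6])[0]
                hdr = 6
            else:
                raise ValueError("partial-length packets not supported")
        else:                               # old-format header
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate-length packet not supported")
            lsize = (1, 2, 4)[ltype]
            length = int.from_bytes(data[pos + 1:pos + 1 + lsize], "big")
            hdr = 1 + lsize
        body = data[pos + hdr:pos + hdr + length]
        if len(body) != length:
            raise ValueError("truncated packet at offset %d" % pos)
        yield tag, body
        pos += hdr + length


def v4_fingerprint(body):
    """SHA-1 over 0x99, the two-byte body length and the public key packet body.

    0x99 is exactly the old-format header byte for tag 6 with a two-byte length,
    so for a normally exported key this is the SHA-1 of the packet including its header.
    """
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def inspect_public_key(data):
    """Return (algorithm name, fingerprint, key ID) of the primary public key.

    Raises ValueError if any secret-key packet is present, so a private key
    can never be distributed by mistake.
    """
    primary = None
    for tag, body in iter_packets(data):
        if tag in SECRET_KEY_TAGS:
            raise ValueError("file contains secret key material; do not distribute it")
        if tag == 6 and primary is None:    # first public key packet is the primary key
            primary = body
    if primary is None:
        raise ValueError("no public key packet found")
    if primary[0] != 4:
        raise ValueError("only v4 keys are supported")
    algo = ALGO_NAMES.get(primary[5], "unknown(%d)" % primary[5])
    fp = v4_fingerprint(primary)
    return algo, fp, fp[-16:]               # key ID is the low 64 bits of the fingerprint


def is_safe_to_distribute(data):
    """True only if the file parses and holds no secret-key packets."""
    try:
        inspect_public_key(data)
        return True
    except ValueError:
        return False


def mpi(value):
    """Encode an integer as an OpenPGP multi-precision integer (bit count + big-endian bytes)."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def old_packet(tag, body):
    """Wrap a body in an old-format packet header with a two-byte length."""
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body


# Constructed sample data for this example: a v4 DSA public key packet whose
# MPIs (p, q, g, y) are placeholder values, not a usable key.
SAMPLE_PUBLIC_KEY_BODY = (bytes([4]) + struct.pack(">I", 1100000000) + bytes([17])
                          + mpi(0xC3) + mpi(0x5F) + mpi(0x1A) + mpi(0x77))
SAMPLE_PUBLIC_KEY_FILE = old_packet(6, SAMPLE_PUBLIC_KEY_BODY)
# The same material wrapped as a secret key packet (tag 5): must be refused.
SAMPLE_SECRET_KEY_FILE = old_packet(5, SAMPLE_PUBLIC_KEY_BODY + b"\x00")

if __name__ == "__main__":
    algo, fp, kid = inspect_public_key(SAMPLE_PUBLIC_KEY_FILE)
    print("algorithm:", algo, "fingerprint:", fp, "key ID:", kid)
    print("secret key file safe to distribute?", is_safe_to_distribute(SAMPLE_SECRET_KEY_FILE))
```

The script reads binary key files only; if the export is ASCII-armored (a .asc file beginning with "-----BEGIN PGP PUBLIC KEY BLOCK-----"), convert it first with `gpg --dearmor`. The fingerprint it prints is the same 40 hex digits that WinPT and `gpg --fingerprint` show in groups of four.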