Tools-2 icon

PGP encryption

Register your PGP key with Adyen.

PGP keys can be used to sign, encrypt, and decrypt files and communications.

To secure sensitive information, we use PGP encryption for:

Here we explain how to generate and update a PGP key using the GnuPG command line tools, as well as how to register a PGP key with Adyen.

PGP keys can expire. If a PGP key you have registered with Adyen expires, your ability to process transactions may be affected. You are responsible for ensuring that the PGP keys you have registered with Adyen are valid and up to date. For more information, see Handle an expiring PGP key.

Requirements

There are several tools available for managing PGP keys. In this tutorial, we explain how to generate or update a PGP key using the GnuPG command line tools. These are available for Windows, Mac, and Linux.

Before using this tutorial, make sure you have GnuPG command line tools installed on your computer.

You can check whether the GnuPG command line tools are installed by opening a command line application (such as Terminal or PowerShell), and running the command gpg --version. If you get a command not found error message, you need to download and install GnuPG.

Step 1: Generate new PGP key

To generate a PGP key using the GnuPG command line tools:

  1. Open a command line application, such as Terminal or PowerShell.

  2. Use the following command to create a GPG key pair.

    $ gpg --full-generate-key

    You are asked which kind of key you want.

  3. Press Enter to accept the default (RSA and RSA).

  4. Enter a keysize. We recommend entering at least 4096 (4096 bits).

  5. Enter the key validity. This is the length of time before the key expires. For example, to set the expiry period to 5 years, enter 5y.

    We recommend setting an expiry period for your PGP key.

  6. Enter your user ID information, including your name and email address.

    You are prompted to confirm your user ID.

  7. Enter o(kay) to confirm your user ID.

    You are prompted to enter a secure passphrase to protect your key.

  8. Enter a secure passphrase, then press Enter.

    Your key has been generated.

  9. Enter the following command to list your keys.

    $ gpg --list-secret-keys --keyid-format LONG
  10. Copy the ID of the new key you generated. In the example below, the key ID is ABC123DEF456789O:

    $ gpg --list-secret-keys --keyid-format LONG
    /Users/YOUR_USER/.gnupg/secring.gpg
    ------------------------------------
    sec   4096R/{hint:This is the key ID}ABC123DEF456789O{/hint} 2020-01-01 [expires: 2025-01-01]
    uid                          YOUR_USER_ID
    sub   4096R/456789OABC123DEF 2020-01-01
  11. Enter the command below, specifying the ID of the new key.
    For example, if this key ID is ABC123DEF456789O you would enter:

    $ gpg --armor --export ABC123DEF456789O

    Your public key is displayed.

  12. Copy your public key, including -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK-----.

Next, we will explain how to register this key with Adyen, in your Customer Area.

Step 2: Register PGP key with Adyen

To register your generated key with Adyen:

  1. Log in to your Customer Area.
  2. Switch to the company or merchant account for which you want to register PGP keys. On a merchant account you can only register keys for the purposes Reports or AccountUpdater.
  3. Select Settings > Account settings.
  4. Select Manage PGP Keys.

    A list of all the PGP keys you have previously registered with Adyen is shown, including the ID of each key (Key ID) and its expiry date (Expires).

  1. Under Upload a new PGP Key:

    • Select the Purpose of your new PGP key. For example, if you will use this key to encrypt and decrypt batch files, select Batch files.
    • Paste the PGP Key you generated earlier, including -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK-----.

      Make sure this is your public key. Do not upload your private key.

  2. Select Upload key to register the PGP key with Adyen.

Files that match the Purpose you selected above will be encrypted with this PGP key.

Handle an expiring PGP key

Want to receive an email alert?

To receive PGP expiry messages by email, subscribe to Account-related notifications.

An expired PGP key can impact your ability to process transactions, or decrypt important information.

Two weeks before a PGP key you have registered is due to expire, we display a message in the System Messages widget of your Customer Area. This message indicates the ID of the expiring key, and when it will expire.

If you get this message, you can either:

Update PGP key expiry

To update the expiry of a PGP key using the GnuPG command line tools:

  1. Open a command line application, such as Terminal or PowerShell.

  2. Enter the command below, specifying the ID of the key that is expiring. Use the key ID mentioned in the System Message or email you received from Adyen.
    For example, if this key ID is ABC123DEF456789G you would enter:

    $ gpg --edit-key ABC123DEF456789G

    This opens the GnuPG console (gpg>).

  3. Use the expire command to edit the expiry date of the key.

    gpg> expire
  4. Enter the key validity. This is the length of time before the PGP key expires.
    For example, to extend the key's expiry by 5 years, enter 5y:

    gpg> 5y

    We recommend setting an expiry period for your PGP key.

  5. Use the save command to save the changes to your PGP key, and return to the command line.

    gpg> save
  6. Enter the following command to list your keys.

    $ gpg --list-secret-keys --keyid-format LONG
  7. Copy the ID of the new key you generated. In the example below, the key ID is ABC123DEF456789G:

    $ gpg --list-secret-keys --keyid-format LONG
    /Users/YOUR_USER/.gnupg/secring.gpg
    ------------------------------------
    sec   4096R/{hint:This is the key ID}ABC123DEF456789G{/hint} 2020-01-01 [expires: 2025-01-01]
    uid                          YOUR_USER_ID
    sub   4096R/456789OABC123DEH 2020-01-01
  8. Enter the command below, specifying the ID of the new key.
    For example, if this key ID is ABC123DEF456789G you would enter:

    $ gpg --armor --export ABC123DEF456789G

    Your public key is displayed.

  9. Copy your public key, including -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK-----.

  10. Register your updated PGP key with Adyen.

See also