{"title":"PGP encryption","category":"default","creationDate":1593791400,"content":"<p>PGP keys are used to sign, encrypt, and decrypt files and communications.<\/p>\n<p>To protect sensitive information, Adyen uses PGP encryption for:<\/p>\n<ul>\n<li><a href=\"\/development-resources\/batch-processing\/advanced-sftp-batch-files#pgp-encryption\">Batch processing files<\/a>.<\/li>\n<li>Reports (if <a href=\"\/reporting\/automatically-get-reports#encrypt-report-files\">encrypted<\/a>).<\/li>\n<li>Other files that contain sensitive card data, such as <a href=\"\/development-resources\/migrating-payment-data\">payment data migration files<\/a> or <a href=\"\/development-resources\/batch-processing\/advanced-sftp-batch-files\/batch-result-file\/accountupdater-result-file\">Account Updater result files<\/a>.<\/li>\n<\/ul>\n<p>For those use cases you need to:<\/p>\n<ol>\n<li><a href=\"#step-1-generate-new-pgp-key\">Generate<\/a> a PGP key.<\/li>\n<li><a href=\"#step-2-register-pgp-key-with-adyen\">Register the PGP key with Adyen<\/a>.<\/li>\n<\/ol>\n<p>It is also important to <a href=\"#update-pgp-key-expiry\">update your PGP key<\/a> before it expires.<\/p>\n<h2>Requirements<\/h2>\n<p>Before you begin, take into account the following requirements, limitations, and preparations.<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Requirement<\/th>\n<th style=\"text-align: left;\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\"><strong>Integration type<\/strong><\/td>\n<td style=\"text-align: left;\">A payments integration with Adyen.<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><strong>Limitations<\/strong><\/td>\n<td style=\"text-align: left;\">For a merchant account you can only register PGP keys for encrypted reports and Account Updater.<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><strong>Setup steps<\/strong><\/td>\n<td style=\"text-align: left;\">To receive PGP expiry messages by email and\/or in the 
Notification center <i class=\"adl-icon-alert\"><\/i> in the Customer Area, <a href=\"\/account\/notification-center\/#configure-notification-settings\">subscribe to <strong>Encryption events<\/strong> notifications<\/a>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>GnuPG command line tools<\/h2>\n<p>There are several tools available for managing PGP keys. In this tutorial, we explain how to generate or update a PGP key using the <a href=\"https:\/\/www.gnupg.org\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">GnuPG<\/a> command line tools. These are available for Windows, Mac, and Linux.<\/p>\n<p>Before using this tutorial, make sure you have GnuPG command line tools installed on your computer.<\/p>\n<p>To check if the GnuPG command line tools are installed:<\/p>\n<ol>\n<li>Open a command line application (such as <em>Terminal<\/em> or <em>PowerShell<\/em>).<\/li>\n<li>Run the command <code>gpg --version<\/code>.<br \/>\nIf you get a <span translate=\"no\"><strong>command not found<\/strong><\/span> error message, <a href=\"https:\/\/www.gnupg.org\/download\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">download and install GnuPG<\/a>.<\/li>\n<\/ol>\n<h2 id=\"step-1-generate-new-pgp-key\">1. Generate a new PGP key<\/h2>\n<p>To generate a PGP key using the <a href=\"https:\/\/www.gnupg.org\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">GnuPG<\/a> command line tools:<\/p>\n<ol>\n<li>\n<p>Open a command line application, such as <em>Terminal<\/em> or <em>PowerShell<\/em>.<\/p>\n<\/li>\n<li>\n<p>Use the following command to create a GPG key pair.<\/p>\n<pre><code class=\"language-bash\">$ gpg --full-generate-key<\/code><\/pre>\n<\/li>\n<li>\n<p>When asked which kind of key you want, press <strong>Enter<\/strong> to accept the default (RSA and RSA).<\/p>\n<\/li>\n<li>\n<p>Enter a key size. 
We recommend entering at least <strong>4096<\/strong> (4096 bits).<\/p>\n<\/li>\n<li>\n<p>Enter the key validity. This is the length of time before the key expires. For example, to set the expiry period to 5 years, enter <code>5y<\/code>.<\/p>\n<div class=\"notices yellow\">\n<p>We recommend setting an expiry period for your PGP key.<\/p>\n<\/div>\n<\/li>\n<li>\n<p>Enter your user ID information, including your name and email address.<\/p>\n<\/li>\n<li>\n<p>Enter <span translate=\"no\"><strong>o<\/strong><\/span> (indicating \"okay\") to confirm your user ID.<\/p>\n<\/li>\n<li>\n<p>Enter a secure passphrase for your key, then press <strong>Enter<\/strong>. Your key is generated.<\/p>\n<\/li>\n<li>\n<p>Enter the following command to list your keys.<\/p>\n<pre><code class=\"language-bash\">$ gpg --list-secret-keys --keyid-format LONG<\/code><\/pre>\n<\/li>\n<li>\n<p>Copy the ID of the new key you generated. In the example below, the key ID is <span translate=\"no\"><strong>ABC123DEF456789O<\/strong><\/span>:<\/p>\n<pre><code class=\"language-bash\">$ gpg --list-secret-keys --keyid-format LONG\n\/Users\/YOUR_USER\/.gnupg\/secring.gpg\n------------------------------------\nsec   4096R\/ABC123DEF456789O 2020-01-01 [expires: 2025-01-01]\nuid                          YOUR_USER_ID\nsub   4096R\/456789OABC123DEF 2020-01-01<\/code><\/pre>\n<\/li>\n<li>\n<p>Enter the following command, specifying the ID of the new key, to show your public key.<br \/>\nFor example, if this key ID is <span translate=\"no\"><strong>ABC123DEF456789O<\/strong><\/span> you would enter:<\/p>\n<pre><code class=\"language-bash\">$ gpg --armor --export ABC123DEF456789O<\/code><\/pre>\n<\/li>\n<li>\n<p>Copy your public key, including <code>-----BEGIN PGP PUBLIC KEY BLOCK-----<\/code> and <code>-----END PGP PUBLIC KEY BLOCK-----<\/code>.<\/p>\n<\/li>\n<\/ol>\n<p>The next step is to register this key with Adyen, in your Customer Area.<\/p>\n<h2>2. 
Register the PGP key with Adyen<\/h2>\n<p>To register your generated key with Adyen:<\/p>\n<ol>\n<li>\n<p>Log in to your <a href=\"https:\/\/ca-live.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Customer Area<\/a>.<\/p>\n<\/li>\n<li>\n<p><a href=\"\/account\/manage-account-structure#switching-between-accounts\">Switch to the company or merchant account<\/a> for which you want to register PGP keys.<br \/>\nOn a merchant account you can only register keys for the purposes <strong>Reports<\/strong> or <strong>AccountUpdater<\/strong>.<\/p>\n<\/li>\n<li>\n<p>Select <strong>Settings<\/strong> &gt; <strong>Account settings<\/strong>.<\/p>\n<\/li>\n<li>\n<p>Select <strong>Manage PGP Keys<\/strong>.<\/p>\n<p>A list of all the PGP keys you have previously registered with Adyen is shown, including the ID of each key (<strong>Key ID<\/strong>) and its expiry date (<strong>Expires<\/strong>).<\/p>\n<\/li>\n<\/ol>\n<p><a id=\"purpose\"><\/a><\/p>\n<ol start=\"5\">\n<li>\n<p>Under <strong>Upload a new PGP Key<\/strong>:<\/p>\n<ul>\n<li>Select the <strong>Purpose<\/strong> of your new PGP key. For example, if you will use this key to encrypt and decrypt <a href=\"\/development-resources\/batch-processing\/advanced-sftp-batch-files#pgp-encryption\">batch files<\/a>, select <strong>Batch files<\/strong>.<\/li>\n<li>Paste the <strong>PGP Key<\/strong> you generated earlier, including <code>-----BEGIN PGP PUBLIC KEY BLOCK-----<\/code> and <code>-----END PGP PUBLIC KEY BLOCK-----<\/code>.<\/li>\n<\/ul>\n<div class=\"notices red\">\n<p>Make sure this is your <em>public<\/em> key. 
<strong>Do not<\/strong> upload your <em>private<\/em> key.<\/p>\n<\/div>\n<\/li>\n<li>\n<p>Select <strong>Upload key<\/strong> to register the PGP key with Adyen.<\/p>\n<\/li>\n<\/ol>\n<p>Files that match the selected <a href=\"#purpose\">\n  <strong>Purpose<\/strong>\n<\/a> will be encrypted with this PGP key.<\/p>\n<h2>Handle an expiring PGP key<\/h2>\n<p>If a PGP key you have registered with Adyen expires, this can impact your ability to process transactions or to decrypt important information. You are responsible for ensuring that the PGP keys you have registered with Adyen are valid and up to date.<\/p>\n<p>Two weeks before a <a href=\"#step-2-register-pgp-key-with-adyen\">PGP key you have registered<\/a> is due to expire, we show a message in the <strong>Notification center<\/strong> of your Customer Area, and\/or we send a message by email. This message indicates the ID of the PGP key, and when the key will expire.<\/p>\n<p>When you get this message, you can either:<\/p>\n<ul>\n<li><strong>Recommended:<\/strong> <a href=\"#step-1-generate-new-pgp-key\">Generate a new PGP key<\/a>, and <a href=\"#step-2-register-pgp-key-with-adyen\">register the new key with Adyen<\/a>. We recommend this approach, because it is theoretically more secure.<\/li>\n<li><a href=\"#update-pgp-key-expiry\">Update the expiry date of your existing PGP key<\/a> and <a href=\"#step-2-register-pgp-key-with-adyen\">register your updated key with Adyen<\/a>.<\/li>\n<\/ul>\n<h3 id=\"update-pgp-key-expiry\">Update PGP key expiry<\/h3>\n<p>To update the expiry of a PGP key using the <a href=\"https:\/\/www.gnupg.org\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">GnuPG<\/a> command line tools:<\/p>\n<ol>\n<li>\n<p>Open a command line application, such as <em>Terminal<\/em> or <em>PowerShell<\/em>.<\/p>\n<\/li>\n<li>\n<p>Enter the following command, specifying the ID of the expiring key. 
Use the key ID mentioned in the <strong>System Message<\/strong> or email you received from Adyen.<br \/>\nFor example, if this key ID is <span translate=\"no\"><strong>ABC123DEF456789G<\/strong><\/span>:<\/p>\n<pre><code class=\"language-bash\">$ gpg --edit-key ABC123DEF456789G<\/code><\/pre>\n<p>This opens the GnuPG console (<code>gpg&gt;<\/code>).<\/p>\n<\/li>\n<li>\n<p>Use the <code>expire<\/code> command to edit the expiry date of the key.<\/p>\n<pre><code class=\"language-bash\">gpg&gt; expire<\/code><\/pre>\n<\/li>\n<li>\n<p>Enter the key validity. This is the length of time before the PGP key expires.<br \/>\nFor example, to extend the key's expiry by 5 years, enter <code>5y<\/code>:<\/p>\n<pre><code class=\"language-bash\">gpg&gt; 5y<\/code><\/pre>\n<div class=\"notices yellow\">\n<p>We recommend setting an expiry period for your PGP key.<\/p>\n<\/div>\n<\/li>\n<li>\n<p>Use the <code>save<\/code> command to save the changes to your PGP key, and return to the command line.<\/p>\n<pre><code class=\"language-bash\">gpg&gt; save<\/code><\/pre>\n<\/li>\n<li>\n<p>Enter the following command to list your keys.<\/p>\n<pre><code class=\"language-bash\">$ gpg --list-secret-keys --keyid-format LONG<\/code><\/pre>\n<\/li>\n<li>\n<p>Copy the ID of the key you updated. 
In the example below, the key ID is <span translate=\"no\"><strong>ABC123DEF456789G<\/strong><\/span>:<\/p>\n<pre><code class=\"language-bash\">$ gpg --list-secret-keys --keyid-format LONG\n\/Users\/YOUR_USER\/.gnupg\/secring.gpg\n------------------------------------\nsec   4096R\/ABC123DEF456789G 2020-01-01 [expires: 2025-01-01]\nuid                          YOUR_USER_ID\nsub   4096R\/456789OABC123DEH 2020-01-01<\/code><\/pre>\n<\/li>\n<li>\n<p>Enter the following command, specifying the ID of the updated key, to show your public key.<br \/>\nFor example, if this key ID is <span translate=\"no\"><strong>ABC123DEF456789G<\/strong><\/span>:<\/p>\n<pre><code class=\"language-bash\">$ gpg --armor --export ABC123DEF456789G<\/code><\/pre>\n<\/li>\n<li>\n<p>Copy your public key, including <code>-----BEGIN PGP PUBLIC KEY BLOCK-----<\/code> and <code>-----END PGP PUBLIC KEY BLOCK-----<\/code>.<\/p>\n<\/li>\n<li>\n<p><a href=\"#step-2-register-pgp-key-with-adyen\">Register your updated PGP key with Adyen<\/a>.<\/p>\n<\/li>\n<\/ol>\n<h2>See also<\/h2>\n<div class=\"see-also-links output-inline\" id=\"see-also\">\n<ul><li><a href=\"https:\/\/www.gnupg.org\/\"\n                        target=\"_blank\"\n                         class=\"external\">\n                    GnuPG - GNU Privacy Guard\n                <\/a><\/li><li><a href=\"\/development-resources\/batch-processing\"\n                        target=\"_self\"\n                        >\n                    Adyen batch processing\n                <\/a><\/li><li><a href=\"\/reporting\/automatically-get-reports#encrypt-report-files\"\n                        target=\"_self\"\n                        >\n                    Encrypting Adyen reports\n                <\/a><\/li><li><a href=\"\/development-resources\/batch-processing\/advanced-sftp-batch-files\/batch-result-file\/accountupdater-result-file\"\n                        target=\"_self\"\n                        >\n                
    Account Updater result files\n                <\/a><\/li><li><a href=\"\/development-resources\/migrating-payment-data\"\n                        target=\"_self\"\n                        >\n                    Migrating payment data\n                <\/a><\/li><\/ul><\/div>\n","url":"https:\/\/docs.adyen.com\/development-resources\/security\/sensitive-data\/pgp-encryption","articleFields":{"description":"Register your PGP key with Adyen.","last_edit_on":"29-08-2023 11:24","feedback_component":true,"filters_component":false},"algolia":{"url":"https:\/\/docs.adyen.com\/development-resources\/security\/sensitive-data\/pgp-encryption","title":"PGP encryption","content":"PGP keys are used to sign, encrypt, and decrypt files and communications.\nTo protect sensitive information, Adyen uses PGP encryption for:\n\nBatch processing files.\nReports (if encrypted).\nOther files that contain sensitive card data, such as payment data migration files or Account Updater result files.\n\nFor those use cases you need to:\n\nGenerate a PGP key.\nRegister the PGP key with Adyen.\n\nIt is also important to update your PGP key before it expires.\nRequirements\nBefore you begin, take into account the following requirements, limitations, and preparations.\n\n\n\nRequirement\nDescription\n\n\n\n\nIntegration type\nA payments integration with Adyen.\n\n\nLimitations\nFor a merchant account you can only register PGP keys for encrypted reports and Account Updater.\n\n\nSetup steps\nTo receive PGP expiry messages by email and\/or in the Notification center  in the Customer Area, subscribe to Encryption events notifications.\n\n\n\nGnuPG command line tools\nThere are several tools available for managing PGP keys. In this tutorial, we explain how to generate or update a PGP key using the GnuPG command line tools. 
These are available for Windows, Mac, and Linux.\nBefore using this tutorial, make sure you have GnuPG command line tools installed on your computer.\nTo check if the GnuPG command line tools are installed:\n\nOpen a command line application (such as Terminal or PowerShell).\nRun the command gpg --version.\nIf you get a command not found error message, download and install GnuPG.\n\n1. Generate a new PGP key\nTo generate a PGP key using the GnuPG command line tools:\n\n\nOpen a command line application, such as Terminal or PowerShell.\n\n\nUse the following command to create a GPG key pair.\n$ gpg --full-generate-key\n\n\nWhen asked which kind of key you want, press Enter to accept the default (RSA and RSA).\n\n\nEnter a key size. We recommend entering at least 4096 (4096 bits).\n\n\nEnter the key validity. This is the length of time before the key expires. For example, to set the expiry period to 5 years, enter 5y.\n\nWe recommend setting an expiry period for your PGP key.\n\n\n\nEnter your user ID information, including your name and email address.\n\n\nEnter o (indicating \"okay\") to confirm your user ID.\n\n\nEnter a secure passphrase for your key, then press Enter. Your key is generated.\n\n\nEnter the following command to list your keys.\n$ gpg --list-secret-keys --keyid-format LONG\n\n\nCopy the ID of the new key you generated. 
In the example below, the key ID is ABC123DEF456789O:\n$ gpg --list-secret-keys --keyid-format LONG\n\/Users\/YOUR_USER\/.gnupg\/secring.gpg\n------------------------------------\nsec   4096R\/ABC123DEF456789O 2020-01-01 [expires: 2025-01-01]\nuid                          YOUR_USER_ID\nsub   4096R\/456789OABC123DEF 2020-01-01\n\n\nEnter the following command, specifying the ID of the new key, to show your public key.\nFor example, if this key ID is ABC123DEF456789O you would enter:\n$ gpg --armor --export ABC123DEF456789O\n\n\nCopy your public key, including -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK-----.\n\n\nThe next step is to register this key with Adyen, in your Customer Area.\n2. Register the PGP key with Adyen\nTo register your generated key with Adyen:\n\n\nLog in to your Customer Area.\n\n\nSwitch to the company or merchant account for which you want to register PGP keys.\nOn a merchant account you can only register keys for the purposes Reports or AccountUpdater.\n\n\nSelect Settings > Account settings.\n\n\nSelect Manage PGP Keys.\nA list of all the PGP keys you have previously registered with Adyen is shown, including the ID of each key (Key ID) and its expiry date (Expires).\n\n\n\n\n\nUnder Upload a new PGP Key:\n\nSelect the Purpose of your new PGP key. For example, if you will use this key to encrypt and decrypt batch files, select Batch files.\nPaste the PGP Key you generated earlier, including -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK-----.\n\n\nMake sure this is your public key. Do not upload your private key.\n\n\n\nSelect Upload key to register the PGP key with Adyen.\n\n\nFiles that match the selected \n  Purpose\n will be encrypted with this PGP key.\nHandle an expiring PGP key\nIf a PGP key you have registered with Adyen expires, this can impact your ability to process transactions or to decrypt important information. 
You are responsible for ensuring that the PGP keys you have registered with Adyen are valid and up to date.\nTwo weeks before a PGP key you have registered is due to expire, we show a message in the Notification center of your Customer Area, and\/or we send a message by email. This message indicates the ID of the PGP key, and when the key will expire.\nWhen you get this message, you can either:\n\nRecommended: Generate a new PGP key, and register the new key with Adyen. We recommend this approach, because it is theoretically more secure.\nUpdate the expiry date of your existing PGP key and register your updated key with Adyen.\n\nUpdate PGP key expiry\nTo update the expiry of a PGP key using the GnuPG command line tools:\n\n\nOpen a command line application, such as Terminal or PowerShell.\n\n\nEnter the following command, specifying the ID of the expiring key. Use the key ID mentioned in the System Message or email you received from Adyen.\nFor example, if this key ID is ABC123DEF456789G:\n$ gpg --edit-key ABC123DEF456789G\nThis opens the GnuPG console (gpg>).\n\n\nUse the expire command to edit the expiry date of the key.\ngpg> expire\n\n\nEnter the key validity. This is the length of time before the PGP key expires.\nFor example, to extend the key's expiry by 5 years, enter 5y:\ngpg> 5y\n\nWe recommend setting an expiry period for your PGP key.\n\n\n\nUse the save command to save the changes to your PGP key, and return to the command line.\ngpg> save\n\n\nEnter the following command to list your keys.\n$ gpg --list-secret-keys --keyid-format LONG\n\n\nCopy the ID of the key you updated. 
In the example below, the key ID is ABC123DEF456789G:\n$ gpg --list-secret-keys --keyid-format LONG\n\/Users\/YOUR_USER\/.gnupg\/secring.gpg\n------------------------------------\nsec   4096R\/ABC123DEF456789G 2020-01-01 [expires: 2025-01-01]\nuid                          YOUR_USER_ID\nsub   4096R\/456789OABC123DEH 2020-01-01\n\n\nEnter the following command, specifying the ID of the updated key, to show your public key.\nFor example, if this key ID is ABC123DEF456789G:\n$ gpg --armor --export ABC123DEF456789G\n\n\nCopy your public key, including -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK-----.\n\n\nRegister your updated PGP key with Adyen.\n\n\nSee also\n\n\n                    GnuPG - GNU Privacy Guard\n                \n                    Adyen batch processing\n                \n                    Encrypting Adyen reports\n                \n                    Account Updater result files\n                \n                    Migrating payment data\n                \n","type":"page","locale":"en","boost":16,"hierarchy":{"lvl0":"Home","lvl1":"Development resources","lvl2":"Security resources","lvl3":"Protecting sensitive data","lvl4":"PGP encryption"},"hierarchy_url":{"lvl0":"https:\/\/docs.adyen.com\/","lvl1":"https:\/\/docs.adyen.com\/development-resources","lvl2":"https:\/\/docs.adyen.com\/development-resources\/security","lvl3":"https:\/\/docs.adyen.com\/development-resources\/security\/sensitive-data","lvl4":"\/development-resources\/security\/sensitive-data\/pgp-encryption"},"levels":5,"category":"Development Resources","category_color":"green","tags":["encryption"]}}
