---
title: "PGP encryption"
description: "Register your PGP key with Adyen."
url: "https://docs.adyen.com/development-resources/security/sensitive-data/pgp-encryption"
source_url: "https://docs.adyen.com/development-resources/security/sensitive-data/pgp-encryption.md"
canonical: "https://docs.adyen.com/development-resources/security/sensitive-data/pgp-encryption"
last_modified: "2023-08-29T11:24:00+02:00"
language: "en"
---

# PGP encryption

Register your PGP key with Adyen.

[View source](/development-resources/security/sensitive-data/pgp-encryption.md)

PGP keys are used to sign, encrypt, and decrypt files and communications.

To protect sensitive information, Adyen uses PGP encryption for:

* [Batch processing files](/development-resources/batch-processing/advanced-sftp-batch-files#pgp-encryption).
* Reports (if [encrypted](/reporting/automatically-get-reports#encrypt-report-files)).
* Other files that contain sensitive card data, such as [payment data migration files](/development-resources/migrating-payment-data) or [Account Updater result files](/development-resources/batch-processing/advanced-sftp-batch-files/batch-result-file/accountupdater-result-file).

For those use cases you need to:

1. [Generate](#step-1-generate-new-pgp-key) a PGP key.
2. [Register the PGP key with Adyen](#step-2-register-pgp-key-with-adyen).

It is also important to [update your PGP key](#update-pgp-key-expiry) before it expires.

## Requirements

Before you begin, take into account the following requirements, limitations, and preparations.

| Requirement          | Description                                                                                                                                                                                                          |
| -------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Integration type** | A payments integration with Adyen.                                                                                                                                                                                   |
| **Limitations**      | For a merchant account you can only register PGP keys for encrypted reports and Account Updater.                                                                                                                     |
| **Setup steps**      | To receive PGP expiry messages by email and/or in the Notification center **in the Customer Area, [subscribe to **Encryption events** notifications](/account/notification-center/#configure-notification-settings). |

## GnuPG command line tools

There are several tools available for managing PGP keys. In this tutorial, we explain how to generate or update a PGP key using the [GnuPG](https://www.gnupg.org/) command line tools. These are available for Windows, Mac, and Linux.

Before using this tutorial, make sure you have GnuPG command line tools installed on your computer.

To check if the GnuPG command line tools are installed:

1. Open a command line application (such as *Terminal* or *PowerShell*).
2. Run the command `gpg --version`.\
   If you get a **command not found** error message, [download and install GnuPG](https://www.gnupg.org/download/).

## 1. Generate a new PGP key

To generate a PGP key using the [GnuPG](https://www.gnupg.org/) command line tools:

1. Open a command line application, such as *Terminal* or *PowerShell*.

2. Use the following command to create a GPG key pair.

   ```bash
   $ gpg --full-generate-key
   ```

3. When asked which kind of key you want, press **Enter** to accept the default (RSA and RSA).

4. Enter a key size. We recommend entering at least **4096** (4096 bits).

5. Enter the key validity. This is the length of time before the key expires. For example, to set the expiry period to 5 years, enter `5y`.

   We recommend setting an expiry period for your PGP key.

6. Enter your user ID information, including your name and email address.

7. Enter **o** (indicating "okay") to confirm your user ID.

8. Enter a secure passphrase for your key, then press **Enter**. Your key is generated.

9. Enter the following command to list your keys.

   ```bash
   $ gpg --list-secret-keys --keyid-format LONG
   ```

10. Copy the ID of the new key you generated. In the example below, the key ID is **ABC123DEF456789O**:

    ```bash
    $ gpg --list-secret-keys --keyid-format LONG
    /Users/YOUR_USER/.gnupg/secring.gpg
    ------------------------------------
    sec   4096R/{hint:This is the key ID}ABC123DEF456789O{/hint} 2020-01-01 [expires: 2025-01-01]
    uid                          YOUR_USER_ID
    sub   4096R/456789OABC123DEF 2020-01-01
    ```

11. Enter the following command, specifying the ID of the new key, to show your public key.\
    For example, if this key ID is **ABC123DEF456789O** you would enter:

    ```bash
    $ gpg --armor --export ABC123DEF456789O
    ```

12. Copy your public key, including `-----BEGIN PGP PUBLIC KEY BLOCK-----` and `-----END PGP PUBLIC KEY BLOCK-----`.

The next step is to register this key with Adyen, in your Customer Area.

## 2. Register the PGP key with Adyen

To register your generated key with Adyen:

1. Log in to your [Customer Area](https://ca-live.adyen.com/).

2. [Switch to the company or merchant account](/account/manage-account-structure#switching-between-accounts) for which you want to register PGP keys.\
   On a merchant account you can only register keys for the purposes **Reports** or **AccountUpdater**.

3. Select **Settings** > **Account settings**.

4. Select **Manage PGP Keys**.

   A list of all the PGP keys you have previously registered with Adyen is shown, including the ID of each key (**Key ID**) and its expiry date (**Expires**).

[]()

5. Under **Upload a new PGP Key**:

   * Select the **Purpose** of your new PGP key. For example, if you will use this key to encrypt and decrypt [batch files](/development-resources/batch-processing/advanced-sftp-batch-files#pgp-encryption), select **Batch files**.
   * Paste the **PGP Key** you generated earlier, including `-----BEGIN PGP PUBLIC KEY BLOCK-----` and `-----END PGP PUBLIC KEY BLOCK-----`.

   Make sure this is your *public* key. **Do not** upload your *private* key.

6. Select **Upload key** to register the PGP key with Adyen.

Files that match the selected [**Purpose** ](#purpose)will be encrypted with this PGP key.

## Handle an expiring PGP key

If a PGP key you have registered with Adyen expires, this can impact your ability to process transactions or to decrypt important information. You are responsible for ensuring that the PGP keys you have registered with Adyen are valid and up to date.

Two weeks before a [PGP key you have registered](#step-2-register-pgyp-key-with-adyen) is due to expire, we show a message in the **Notification center** of your Customer Area, and/or we send a message by email. This message indicates the ID of the PGP key, and when the key will expire.

When you get this message, you can either:

* **Recommended:** [Generate a new PGP key](#step-1-generate-new-pgp-key), and [register the new key with Adyen](#step-2-register-pgp-key-with-adyen). We recommend this approach, because it is theoretically more secure.
* [Update the expiry date of you existing PGP key](#update-pgp-key-expiry) and [register your updated key with Adyen](#step-2-register-pgp-key-with-adyen).

### Update PGP key expiry

To update the expiry of a PGP key using the [GnuPG](https://www.gnupg.org/) command line tools:

1. Open a command line application, such as *Terminal* or *PowerShell*.

2. Enter the following command, specifying the ID of the expiring key. Use the key ID mentioned in the **System Message** or email you received from Adyen.\
   For example, if this key ID is **ABC123DEF456789G**:

   ```bash
   $ gpg --edit-key ABC123DEF456789G
   ```

   This opens the GnuPG console (`gpg>`).

3. Use the `expire` command to edit the expiry date of the key.

   ```bash
   gpg> expire
   ```

4. Enter the key validity. This is the length of time before the PGP key expires.\
   For example, to extend the key's expiry by 5 years, enter `5y`:

   ```bash
   gpg> 5y
   ```

   We recommend setting an expiry period for your PGP key.

5. Use the `save` command to save the changes to your PGP key, and return to the command line.

   ```bash
   gpg> save
   ```

6. Enter the following command to list your keys.

   ```bash
   $ gpg --list-secret-keys --keyid-format LONG
   ```

7. Copy the ID of the key you updated. In the example below, the key ID is **ABC123DEF456789G**:

   ```bash
   $ gpg --list-secret-keys --keyid-format LONG
   /Users/YOUR_USER/.gnupg/secring.gpg
   ------------------------------------
   sec   4096R/{hint:This is the key ID}ABC123DEF456789G{/hint} 2020-01-01 [expires: 2025-01-01]
   uid                          YOUR_USER_ID
   sub   4096R/456789OABC123DEH 2020-01-01
   ```

8. Enter the following command, specifying the ID of the updated key, to show your public key.\
   For example, if this key ID is **ABC123DEF456789G**:

   ```bash
   $ gpg --armor --export ABC123DEF456789G
   ```

9. Copy your public key, including `-----BEGIN PGP PUBLIC KEY BLOCK-----` and `-----END PGP PUBLIC KEY BLOCK-----`.

10. [Register your updated PGP key with Adyen](#step-2-register-pgp-key-with-adyen).

## See also

* [GnuPG - GNU Privacy Guard](https://www.gnupg.org/)
* [Adyen batch processing](/development-resources/batch-processing)
* [Encrypting Adyen reports](/reporting/automatically-get-reports#encrypt-report-files)
* [Account Updater result files](/development-resources/batch-processing/advanced-sftp-batch-files/batch-result-file/accountupdater-result-file)
* [Migrating payment data](/development-resources/migrating-payment-data)