No momento, esta página não está disponível em português

PGP encryption

PGP keys are used to sign, encrypt, and decrypt files and communications.

To protect sensitive information, Adyen uses PGP encryption for:

Batch processing files.
Reports (if encrypted).
Other files that contain sensitive card data, such as payment data migration files or Account Updater result files.

For those use cases you need to:

Generate a PGP key.
Register the PGP key with Adyen.

It is also important to update your PGP key before it expires.

Requirements

Before you begin, take into account the following requirements, limitations, and preparations.

Requirement	Description
Integration type	A payments integration with Adyen.
Limitations	For a merchant account you can only register PGP keys for encrypted reports and Account Updater.
Setup steps	To receive PGP expiry messages by email and/or in the Notification center in the Customer Area, subscribe to Encryption events notifications.

GnuPG command line tools

There are several tools available for managing PGP keys. In this tutorial, we explain how to generate or update a PGP key using the GnuPG command line tools. These are available for Windows, Mac, and Linux.

Before using this tutorial, make sure you have GnuPG command line tools installed on your computer.

To check if the GnuPG command line tools are installed:

Open a command line application (such as Terminal or PowerShell).
Run the command gpg --version.
If you get a command not found error message, download and install GnuPG.

1. Generate a new PGP key

To generate a PGP key using the GnuPG command line tools:

Open a command line application, such as Terminal or PowerShell.
Use the following command to create a GPG key pair.
```
$ gpg --full-generate-key
```
When asked which kind of key you want, press Enter to accept the default (RSA and RSA).
Enter a key size. We recommend entering at least 4096 (4096 bits).
Enter the key validity. This is the length of time before the key expires. For example, to set the expiry period to 5 years, enter 5y.

We recommend setting an expiry period for your PGP key.
Enter your user ID information, including your name and email address.
Enter o (indicating "okay") to confirm your user ID.
Enter a secure passphrase for your key, then press Enter. Your key is generated.
Enter the following command to list your keys.
```
$ gpg --list-secret-keys --keyid-format LONG
```

Copy the ID of the new key you generated. In the example below, the key ID is ABC123DEF456789O:

$ gpg --list-secret-keys --keyid-format LONG
/Users/YOUR_USER/.gnupg/secring.gpg
------------------------------------
sec   4096R/{hint:This is the key ID}ABC123DEF456789O{/hint} 2020-01-01 [expires: 2025-01-01]
uid                          YOUR_USER_ID
sub   4096R/456789OABC123DEF 2020-01-01

Enter the following command, specifying the ID of the new key, to show your public key.
For example, if this key ID is ABC123DEF456789O you would enter:
```
$ gpg --armor --export ABC123DEF456789O
```
Copy your public key, including -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK-----.

The next step is to register this key with Adyen, in your Customer Area.

2. Register the PGP key with Adyen

To register your generated key with Adyen:

Log in to your Customer Area.
Switch to the company or merchant account for which you want to register PGP keys.
On a merchant account you can only register keys for the purposes Reports or AccountUpdater.
Select Settings > Account settings.
Select Manage PGP Keys.

A list of all the PGP keys you have previously registered with Adyen is shown, including the ID of each key (Key ID) and its expiry date (Expires).

Under Upload a new PGP Key:
- Select the Purpose of your new PGP key. For example, if you will use this key to encrypt and decrypt batch files, select Batch files.
- Paste the PGP Key you generated earlier, including -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK-----.
Make sure this is your public key. Do not upload your private key.
Select Upload key to register the PGP key with Adyen.

Files that match the selected Purpose will be encrypted with this PGP key.

Handle an expiring PGP key

If a PGP key you have registered with Adyen expires, this can impact your ability to process transactions or to decrypt important information. You are responsible for ensuring that the PGP keys you have registered with Adyen are valid and up to date.

Two weeks before a PGP key you have registered is due to expire, we show a message in the Notification center of your Customer Area, and/or we send a message by email. This message indicates the ID of the PGP key, and when the key will expire.

When you get this message, you can either:

Recommended: Generate a new PGP key, and register the new key with Adyen. We recommend this approach, because it is theoretically more secure.
Update the expiry date of you existing PGP key and register your updated key with Adyen.

Update PGP key expiry

To update the expiry of a PGP key using the GnuPG command line tools:

Open a command line application, such as Terminal or PowerShell.
Enter the following command, specifying the ID of the expiring key. Use the key ID mentioned in the System Message or email you received from Adyen.
For example, if this key ID is ABC123DEF456789G:
```
$ gpg --edit-key ABC123DEF456789G
```
This opens the GnuPG console (gpg>).
Use the expire command to edit the expiry date of the key.
```
gpg> expire
```
Enter the key validity. This is the length of time before the PGP key expires.
For example, to extend the key's expiry by 5 years, enter 5y:
```
gpg> 5y
```
We recommend setting an expiry period for your PGP key.
Use the save command to save the changes to your PGP key, and return to the command line.
```
gpg> save
```
Enter the following command to list your keys.
```
$ gpg --list-secret-keys --keyid-format LONG
```

Copy the ID of the key you updated. In the example below, the key ID is ABC123DEF456789G:

$ gpg --list-secret-keys --keyid-format LONG
/Users/YOUR_USER/.gnupg/secring.gpg
------------------------------------
sec   4096R/{hint:This is the key ID}ABC123DEF456789G{/hint} 2020-01-01 [expires: 2025-01-01]
uid                          YOUR_USER_ID
sub   4096R/456789OABC123DEH 2020-01-01

Enter the following command, specifying the ID of the updated key, to show your public key.
For example, if this key ID is ABC123DEF456789G:
```
$ gpg --armor --export ABC123DEF456789G
```
Copy your public key, including -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK-----.
Register your updated PGP key with Adyen.