Skip to main content

Install a PGP key pair for PGP-encrypted connections


Some third parties require PGP signing and/or encryption of files sent to them and send back encrypted and/or signed files in return. This article explains how to generate and install a PGP key pair to be used with such connections.

Generate your key pair

In order to start using PGP encryption, you need to generate a key pair. If you already have a key pair from before, you can skip this section.

  1. Install GPG (

  2. Run the command gpg --full-generate-key. This will ask you a series of questions. Choose the options RSA with 4096 bits and set your desired expiration date. Enter your user ID information – you will need to store this information for later use. Provide a secure passphrase to protect the key against unauthorised use.

Export your key pair

  1. Check the ID of your newly generated key with gpg --list-secret-keys --keyid-format LONG.

  2. From the list of keys, copy the key ID that you would like to use. The key ID is shown on the row starting with sec and following the dash sign. For example “sec 4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]” means that the key ID is 3AA5C34371567BD2.

  3. Export your private key gpg --export-secret-keys YOUR_ID_HERE > private.gpg.

  4. Export your public key gpg --export YOUR_ID_HERE > public.gpg.

Upload your key pair to FA


Changing these configurations requires the Bank and custody connections (BCC) role.

Go to ToolsAdministerBank and custody connectionsUpload keys.


Choose Bank and custody connection keys andclick Choose file. Browse your private key with the name private.gpg and click Upload. Repeat for public.gpg. Finally click Confirm upload.

Now the key is uploaded and you can continue with configuring your desired connection.