How to create a secure GPG archive for Yottaa

When sending private information through email, such as your origin server SSL certificate, we recommend that you use a GPG archive, as this provides a secure and private way to ensure that only your intended recipient is able to open the document. To do this you will need two things: the gpg encryption software and the public key from Yottaa to encrypt with.

Downloading the Yottaa Public Key

To get started, download Yottaa's public key here: yottaa-support-public.key.asc. The file is also available at the bottom of this article.

Preparing Your Private Key and Certificate

Private keys and certificates come in many different formats; some formats store the keys/certificates as separate files (e.g. ".key" and ".crt" files), whereas others may include both in a single file (e.g. ".pfx" or ".p12" files).

If your key and certificate involve multiple files, please zip or tar the files together into a single file (most operating systems allow you to CTRL-click or CMD-click to select multiple files, then you can right click them and there will be a "Send to Zip" or "Compress" option). You can then proceed to encrypt the compressed file.

Getting Started on Windows

For Windows users, we recommend the Gpg4win package, available at http://gpg4win.org/download.html. The Gpg4win-vanilla package is sufficient for this purpose, and is a much lighter package, but the light or full versions will work as well.

Once you've installed Gpg4win, you will need to open the command prompt. In Windows Explorer, hold the SHIFT key and right-click the folder you downloaded the yottaa-support-public.key.asc file to, then choose "Open command window here". From here, you can proceed to the "Command Line Instructions" section below.

If your server's private key is in a different folder, you will also want to open another command window to that folder by using SHIFT/right-click and selecting "Open command window here" in Windows Explorer.

Getting Started on Mac

For Mac users, we recommend the GPGTools package, available at https://gpgtools.org/. During installation, you can choose to customize the installation; the two components needed are "GPGKeychain" and "MacGPG2" (you may deselect the remaining components).

After installing GPGTools, open a Terminal window and change to the folder you downloaded the yottaa-support-public.key.asc file to, using the cd command. If the file is in your "Downloads" folder, you can use cd ~/Downloads to get there quickly. You can then proceed to the "Command Line Instructions" section below.

Getting Started on Linux/BSD

If your distribution of Linux or BSD does not include the gpg tools, please check with your distribution's package manager for the gpg tools, or download from https://www.gnupg.org/download/.

Command Line Instructions

  1. From the command line, import the key provided by Yottaa. In the following example the key file is called yottaa-support-public.key.asc.
    Note: You may need to use the sudo command on Mac or GNU/Linux based OSes. Type sudo followed by a space in front of the gpg commands listed below; you will be prompted for your password.
    gpg --import yottaa-support-public.key.asc
    You should see something similar to the following output:
    sudo gpg --import yottaa-support-public.key.asc
    gpg: key E1BA7C96: public key "Yottaa Support <support@yottaa.com>" imported
    gpg: Total number processed: 1
    gpg: imported: 1 (RSA: 1)
  2. You can now get a list of all keys on your system.
    gpg --list-keys
    This will output something similar to the following, and may have more entries:
    pub   4096R/E1BA7C96 2014-04-10 [expires: 2018-04-10]
    uid [ unknown] Yottaa Support <support@yottaa.com>
    sub 4096R/D1979A0A 2014-04-10 [expires: 2018-04-10]
  3. In the above example the key is listed as E1BA7C96 with an email address of support@yottaa.com. This is the recipient we will encrypt the archive to. In the following command, *my_site* is your site name, and *my_cert_file* is the name of your single certificate file (or compressed file containing all the necessary files).
    gpg -o *my_site*_SSL.gpg.txt --encrypt --armor -r support@yottaa.com *my_cert_file*
    Note: The output file name should end in ".gpg.txt"; this will help prevent email attachment filters from erroneously blocking the attachment.

  4. You will likely receive a warning that it is not certain whether the key belongs to the person named; press y to confirm if prompted. When complete, the program will not display any confirmation; however, the new file *my_site*_SSL.gpg.txt will be created in the folder. Respond to your open support ticket with this file attached, or create a new ticket if updating your certificate.
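
The warning in the last step appears because gpg has no proof that the imported key really is Yottaa's, and the sample listing above carries an expiry date. The shell function below is an added example, not part of Yottaa's instructions: it reads gpg's machine-readable key listing and checks the primary fingerprint against one you have confirmed with Yottaa through a separate channel, and that an unexpired encryption-capable key exists. The function name, the sample listing and its fingerprints are constructed for illustration.

```shell
# Added example: vet a recipient key before encrypting to it.
# stdin: output of  gpg --with-colons --fingerprint --list-keys <recipient>
# usage: check_recipient_key EXPECTED_FINGERPRINT [NOW_EPOCH]
# Assumes GnuPG 2.x colon listings, where dates are seconds since the epoch.
check_recipient_key() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    now=${2:-$(date +%s)}
    awk -F: -v want="$want" -v now="$now" '
        $1 == "pub" || $1 == "sub" {
            primary = ($1 == "pub")
            # field 2 "r" = revoked; field 7 = expiry time (empty = never)
            dead = ($2 == "r") || ($7 != "" && $7 + 0 <= now + 0)
            if (primary) { seen = 1; pub_dead = dead }
            # field 12 = capabilities; lowercase "e" means this key encrypts
            if ($12 ~ /e/ && !dead) enc = 1
        }
        # the first fpr record after pub carries the primary fingerprint
        $1 == "fpr" && primary && got == "" { got = $10 }
        END {
            if (!seen) { print "FAIL: no public key in listing"; exit 2 }
            # append "" to force string comparison of all-digit fingerprints
            if ((got "") != (want "")) { print "FAIL: fingerprint is " got; exit 1 }
            if (pub_dead) { print "FAIL: primary key expired or revoked"; exit 1 }
            if (!enc) { print "FAIL: no usable encryption subkey"; exit 1 }
            print "OK: fingerprint matches and an encryption key is valid"
        }'
}

# Constructed sample listing: fingerprints and key IDs are made up; the dates
# mirror the 2014-04-10 creation and 2018-04-10 expiry shown in the article.
SAMPLE_FPR='0000 1111 2222 3333 4444  5555 6666 7777 8888 9999'
SAMPLE_LISTING='pub:-:4096:1:6666777788889999:1397088000:1523318400::-:::scESC:
fpr:::::::::0000111122223333444455556666777788889999:
uid:-::::1397088000::::Yottaa Support <support@yottaa.com>:
sub:-:4096:1:0000111122223333:1397088000:1523318400:::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:'

# Mid-2017 the sample key passes; in 2020 it is past its expiry date.
printf '%s\n' "$SAMPLE_LISTING" | check_recipient_key "$SAMPLE_FPR" 1500000000
printf '%s\n' "$SAMPLE_LISTING" | check_recipient_key "$SAMPLE_FPR" 1600000000 || true

# Real use (fingerprint obtained from Yottaa out of band, not from the email):
#   gpg --with-colons --fingerprint --list-keys support@yottaa.com |
#       check_recipient_key "<confirmed fingerprint>"
```

Run the check after importing the key and before the encrypt command; a FAIL result means the archive should not be encrypted to that key until the discrepancy is resolved with Yottaa.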