How to configure encryption keys for Multi Tenant (MT) content export

Content export (CE) for Multi Tenant (MT) pods requires the user to configure an encryption key to encrypt the CE files.

To do this, the user must have a Unix/Linux-type environment available and must ensure that GNU Privacy Guard (GnuPG) is installed.

Configure and generate encryption keys:

  1. Enter gpg --full-generate-key to begin generating the PGP key.
  2. Choose option (1), RSA and RSA (default).
$ gpg --full-generate-key
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
  3. Enter 4096 when asked what keysize is preferred.
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
  4. Select the expiry of the key and press Y to confirm. In the example below, 0 indicates no expiry date.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) Y
  5. Confirm the Real name and Email address so the keys can be generated, and enter O (Okay) to confirm the details.
GnuPG needs to construct a user ID to identify your key.

Real name: ENTER REAL NAME HERE
Email address: ENTER EMAIL ADDRESS HERE
Comment:

You selected this USER-ID:
"xxx@xxx.com"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
  6. A window then asks you to enter a passphrase for each of the keys. This is optional, and you can proceed without entering a passphrase.

    The PGP key will then be created as in the example below:
gpg: key E737CA1989194E5B marked as ultimately trusted
gpg: revocation certificate stored as '/home/ming/.gnupg/openpgp-revocs.d/EAED595082BC65348B1AA798E737CA1989194E5B.rev'
public and secret key created and signed.

pub rsa4096 2020-11-13 [SC]
EAED595082BC65348B1AA798E737CA1989194E5B
uid name_goes_here <xxx@xxx.com>
sub rsa4096 2020-11-13 [E]
  7. Extract the Public key: Enter gpg --export -a "xxx.xxx" > public.key.
  8. If you configured a passphrase for this key, enter it when prompted to extract the key.
gpg --export -a "xxx.xxx" > public.key
  9. Extract the Private key: Enter gpg --export-secret-key -a "xxx.xxx" > private.key. This key is needed in order to decrypt the files that were encrypted with the Public key.
  10. If you configured a passphrase for this key, enter it when prompted to extract the key.
gpg --export-secret-key -a "xxx.xxx" > private.key
  11. Paste the Public key into the Encryption tab of the Admin Portal.
  12. Select Save Key to complete the process.
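
The shell functions below are an added example, not part of the original article or the product's tooling. check_public_key confirms that public.key is an armored public key block holding an RSA encryption key of the expected size and no private key material, and roundtrip encrypts a constructed message to public.key and decrypts it with private.key in a throwaway keyring. The function names and the optional BITS argument are assumptions, and a passphrase, if one was set, is assumed to be entered through gpg-agent's pinentry.

```shell
#!/bin/sh
# Added example: check the exported key files before pasting public.key into
# the Admin Portal. Function names and the BITS argument are assumptions.

# Create a throwaway GnuPG home so the real keyring is never modified.
new_keyring() { d=$(mktemp -d) && chmod 700 "$d" && printf '%s\n' "$d"; }

# Stop any daemons started for the throwaway home, then delete it.
drop_keyring() { gpgconf --homedir "$1" --kill all 2>/dev/null; rm -rf "$1"; }

# check_public_key FILE [BITS]: succeed only if FILE is an armored public key
# block holding an RSA encryption-capable key of BITS bits (default 4096).
check_public_key() {
    file=$1 bits=${2:-4096}
    # A secret-key export saved under the wrong file name must be rejected.
    grep -q '^-----BEGIN PGP PRIVATE KEY BLOCK-----' "$file" && return 1
    grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----' "$file" || return 1
    home=$(new_keyring) || return 1
    # Colon listing: field 3 = key length, field 4 = algorithm (1 is RSA),
    # field 12 = capabilities (lowercase "e" means this key can encrypt).
    gpg --homedir "$home" --batch --quiet --import "$file" 2>/dev/null &&
    gpg --homedir "$home" --batch --with-colons --list-keys 2>/dev/null |
        awk -F: -v b="$bits" '
            ($1 == "pub" || $1 == "sub") && $3 == b && $4 == 1 && $12 ~ /e/ { ok = 1 }
            END { exit !ok }'
    rc=$?
    drop_keyring "$home"
    return "$rc"
}

# roundtrip PUB SEC: encrypt a constructed message to PUB, decrypt with SEC.
roundtrip() {
    msg='content export round-trip test'   # constructed sample plaintext
    home=$(new_keyring) || return 1
    out=$(
        gpg --homedir "$home" --batch --quiet --import "$1" "$2" 2>/dev/null &&
        fpr=$(gpg --homedir "$home" --batch --with-colons --list-keys 2>/dev/null |
              awk -F: '$1 == "fpr" { print $10; exit }') &&
        printf '%s' "$msg" |
        gpg --homedir "$home" --batch --quiet --trust-model always -e -r "$fpr" |
        gpg --homedir "$home" --batch --quiet -d 2>/dev/null
    )
    drop_keyring "$home"
    [ "$out" = "$msg" ]
}

# Usage, from the directory that holds the exported files:
#   check_public_key public.key && roundtrip public.key private.key && echo OK
```

Run the check before step 11: a file named public.key that actually contains the private key export fails check_public_key.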