Content export (CE) for Multi Tenant (MT) pods requires the user to configure an encryption key to encrypt the CE files.
To do this, the user must have a Unix/Linux type environment available and also ensure that GNU Privacy Guard (GNUPG) is installed.
Configure and generate encryption keys:
- Enter gpg --full-generate-key to begin generating the PGP key.
- Choose option (1), RSA and RSA (default).
$ gpg --full-generate-key
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
- Enter 4096 when asked what keysize is preferred.
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
- Select the expiry of the key and press Y to confirm. In the example below, 0 indicates no expiry date.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) Y
- Confirm the Real name and Email address so the keys can be generated, and enter 0 to confirm the details.
GnuPG needs to construct a user ID to identify your key.
Real name: ENTER REAL NAME HERE
Email address: ENTER EMAIL ADDRESS HERE
Comment:
You selected this USER-ID:
"xxx@xxx.com"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
- You will be redirected to a window asking to enter a passphrase for each of the keys. This is optional, and you can proceed without entering a passphrase.
The PGP will then be created as in the example below:
gpg: key E737CA1989194E5B marked as ultimately trusted
gpg: revocation certificate stored as '/home/ming/.gnupg/openpgp-revocs.d/EAED595082BC65348B1AA798E737CA1989194E5B.rev'
public and secret key created and signed.
pub rsa4096 2020-11-13 [SC]
EAED595082BC65348B1AA798E737CA1989194E5B
uid name_goes_here <xxx@xxx.com>
sub rsa4096 2020-11-13 [E]
- Extract the Public key: Enter gpg --export -a "xxx.xxx" > public.key.
- If you configured a passphrase for this key, when promoted, enter it to extract the key.
gpg --export -a "xxx.xxx" > public.key
- Extract the Private key: Enter pg --export-secret-key -a "xxx.xxx" > public.key. This key is needed in order to decrypt the files that were encrypted with the Public key.
- If you configured a passphrase for this key, when promoted, enter it to extract the key.
gpg --export-secret-key -a "xxx.xxx" > private.key
- Paste the Public key into the Encryption tab of the Admin Portal.
- Select Save Key to complete the process.