CORE Export to PGP Keyring User Interface Guide

Export to PGP Keyring

The ucl pgp-key -n <key-name> command creates proxy of CORE <key-name> in the client's GPGGNU Privacy Guard - PGP cryptography implementation keyring infrastructure:

In the GPGGNU Privacy Guard - PGP cryptography implementation public ring - a self-signed public key.
In the GPGGNU Privacy Guard - PGP cryptography implementation secret ring - an indication that the private key material is stored in the CORE.

Note
The GPGGNU Privacy Guard - PGP cryptography implementation keyring infrastructure is located in the $HOME/.gnupg folder. As needed, it is implicitly created by the ucl pgp-key command.

Prerequisites:

GnuPG: 2.1.11: It is supported in Linux RH8, UB16.04, UB18.04, Debian9.
Key type: RSA
CORE partition: If a client has certificates of multiple partitions, the key must be located in the first partition that appears when running the ucl partition list command from the client appliance.
Authorization: A user performing this command is authorized to sign crypto material

ucl pgp-key

This command:

If needed, creates the required GPGGNU Privacy Guard - PGP cryptography implementation infrastructure on the client appliance.
Creates a proxy of the specified RSA key in this infrastructure that the GPG2 shall use in its sign and decrypt commands.

Syntax:

ucl pgp-key
<-u <UID> | -n <key name>

The output of this command is verbose. We recommend:

Redirect the output to /dev/null.
Validate the result of the command by listing the content of the GPGGNU Privacy Guard - PGP cryptography implementation secret keyring and making sure the key is on the list.

For example, assuming that an RSA key by name "pgp1" is hosted by the first our client partition, create its proxy in GPGGNU Privacy Guard - PGP cryptography implementation keyrings, and examine the secret keyring:

ucl pgp-key -n pgp1 > /dev/null

gpg2 --list-secret-keys

/home/ec2-user/.gnupg/pubring.kbx --------------------------------- sec> rsa2048 2020-01-25 [SCEA] 89161090660E4AC61126A0C749C15D46C1E2616D Card serial no. = 3131 3034F20C uid [ unknown] pgp1

Note pgp1 in the last line of the output.

Note
The uid and [unknown] are GPG2 terms. They are not related to the CORE terms.

ucl pgp-key unregister

To delete all CORE proxy keys from the GPGGNU Privacy Guard - PGP cryptography implementation Secret Keyring, use the unregister command:

Syntax:

ucl pgp-key unregister

Note
To delete proxy keys from the GPGGNU Privacy Guard - PGP cryptography implementation Public Keyring, use gpg2 --delete-key <key-name> command.