Working with GPG keys

To use the Encrypted Data Source Exports feature to retrieve the ACH numbers, you need to generate a GPG key pair and send the public key to Zuora Support. When exporting files, you need to use your private key to decrypt the files. 

This is a Controlled Release feature. Contact Zuora Global Support for information about using this feature.

This topic walks you through how to generate a GPG key pair and use your private key to decrypt files.

GPG keys tutorial for Windows

Follow the steps below if you are running a Windows system.

Step 1. Install GPG4Win

  1. Download and install GPG4Win from http://www.gpg4win.org/download.html

  2. Select your preferred settings during the installation process.

  3. Skip the Define trustable root certificates dialog by checking Root certificates defined or skip configuration, then click Next.

  4. Launch the application called “Kleopatra” from Start / Gpg4win / Kleopatra

Step 2. Generate a key pair and send the public key to Zuora

  1. Launch the application from Start / Gpg4win / Kleopatra

  2. Create a New Key Pair and send the public key to Zuora Support

    1. Create Personal OpenPGP key pair: Select File / New Certificate

    2. On the Choose Certificate Format window, select Create a personal OpenPGP key pair.

    3. Enter your Name and Email address. Enter your real name and email address here or Zuora will reject the key.

    4. Review and verify before pressing Create Key. The PGP key must be at least 3072-bit RSA. 4096-bit RSA is recommended.

    5. Enter a Passphrase. Note: Record the passphrase and keep it in a secure place. If you forget the passphrase, you will not be able to decrypt files.

    6. Export the Key Certificate. Select the certificate in the list and then select Export. Select a location to save this file. The filename will match the fingerprint shown in the dialog window in the previous step. This is your public key certificate.

    7. Send the file saved in the previous step to Zuora Support by creating a ticket.

Step 3. Decrypt an encrypted file sent by Zuora

  1. Select File / Decrypt/Verify files

  2. Select the .gpg file sent by Zuora

  3. Select the folder in which to decrypt files (leave the rest untouched)

  4. Click Decrypt/Verify

  5. You’ll be asked to enter your passphrase. If you don’t remember it, you won’t be able to decrypt files.

  6. Verify that the decrypted file contains the expected results.

GPG key pair tutorial for Linux / Mac OS X

Step 1. Install GPG

Refer to the tutorials below to install GPG:

  1. For Linux: http://www.gnupg.org/download/index.en.html

  2. For Mac OS X: http://www.gpgtools.org/installer/index.html

Step 2. Generate a key pair and send the public key to Zuora

Note: The instructions here are based on the GPG MiniHowto.

  1. Create your personal key: 

    1. Run: gpg --gen-key

    2. Select RSA and RSA when prompted for which type of key to generate.

    3. Select an RSA key size of at least 3072 bits. 4096-bit RSA is recommended.

    4. Select 0 for never expire (or other values that you think are appropriate).

    5. Enter your real name and email address; otherwise, Zuora will reject the key.

    6. Enter a Passphrase. Note: Record the passphrase and keep it in a secure place. If you forget the passphrase, you will not be able to decrypt files.

  2. List your generated Key: 

    1. Run: gpg --list-keys

    2. Note the Key ID which is next to the string “pub 4096R/”, e.g., in “pub 4096R/D9859F2E”, “D9859F2E” is the Key ID.

  3. Export Key using: gpg --export -a -o <key Id>.asc <Key Id>

  4. Send the <key id>.asc file saved in the previous step to Zuora Support by creating a ticket.
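
A pre-flight check for the key before you send it, as an added example that is not part of Zuora's documentation or tooling: it reads the output of gpg --list-keys --with-colons and confirms that the primary key and its subkey are RSA with at least 3072 bits. The function name check_key_listing and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Zuora's code. Checks a key against this page's rule:
# "at least 3072-bit RSA". Input is GnuPG's machine-readable listing:
#   gpg --list-keys --with-colons <Key Id> | check_key_listing
# Colon fields used: 1 record type, 3 key length in bits,
# 4 public-key algorithm (1 = RSA), 5 key ID, 12 capabilities.

MIN_BITS=3072

# Prints one verdict line per primary key (pub) and subkey (sub).
# Returns 0 only if a key was listed and every pub/sub record is RSA with
# at least MIN_BITS bits. The subkey matters: with "RSA and RSA" the
# encryption subkey (capability "e") is the key files are encrypted to.
check_key_listing() {
    awk -F: -v min="$MIN_BITS" '
        $1 == "pub" || $1 == "sub" {
            seen++
            verdict = "ok"
            if ($4 != 1)           { verdict = "FAIL: not RSA"; bad++ }
            else if ($3 + 0 < min) { verdict = "FAIL: under " min " bits"; bad++ }
            printf "%s %s %s-bit algo=%s caps=%s %s\n", $1, $5, $3, $4, $12, verdict
        }
        END { exit !(seen > 0 && bad == 0) }
    '
}

# Constructed sample listings (key IDs, dates and names are made up).
SAMPLE_OK='pub:u:4096:1:0123456789ABCDEF:1700000000:::u:::scESC::::::23::0:
uid:u::::1700000000::0000000000000000000000000000000000000000::Jane Example <jane@example.com>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1700000000::::::e::::::23:'

SAMPLE_WEAK='pub:u:2048:1:1111111111111111:1700000000:::u:::scESC::::::23::0:
sub:u:2048:1:2222222222222222:1700000000::::::e::::::23:'

printf '%s\n' "$SAMPLE_OK"   | check_key_listing && echo "=> meets the size rule"
printf '%s\n' "$SAMPLE_WEAK" | check_key_listing || echo "=> regenerate with a larger RSA key"
```

The colon listing is used here because its field layout stays the same across GnuPG versions, while the human-readable "pub 4096R/..." line does not.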

Step 3. Decrypt an encrypted file sent by Zuora

Decrypt the encrypted file using: gpg -d encrypted-file.gpg > decrypted-file

Note: You’ll be asked to enter the passphrase. If you don’t remember the passphrase, you will not be able to decrypt the file.