Modulr: PGP key generation

Why does Modulr require a PGP key?

A PGP key is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.

Modulr will use a PGP key, provided by a customer, to ensure that only the customer themselves will have access to use the API key we provide as the HMAC will be used authenticate calls. Modulr will have access to the HMAC.

When creating a PGP key, you are given the PGP Public and the PGP Private keys.

Public: This is the key that you need to provide to Modulr.

Private: This should be kept by the customer and use to decrypt the output given to the customer by Modulr.

How to create a PGP Key

  1. Visit https://pgptool.org/ External website

  1. Fill out the requested information for name and email address. For the algorithm field please select RSA and select your key size in the required field. This is the customer choice in terms of key size. Recommendations are given on the site.

Do not loose the passphrase.

  1. You will also need to enter a passphrase. It is essential you remember what this is set to as you will be using this when decrypting the output from Modulr.

  1. Select Generate Keys.

  2. Save the Public and Private PGP Keys in separate files.

Do not share the Private PGP Key with Modulr or any other business.

  1. Public PGP Key to be shared with Modulr alongside the request for an API Key via email.

How to decrypt the output provided by Modulr

  1. Visit https://pgptool.org/ External website and select the tab Decrypt (+Verify).

  2. Input your Private PGP key in the section titled Receiver’s Private Key.

  3. Enter the Passphrase you created when generating your PGP keys in the text box titled Passphrase for private key.

  4. Paste the output provided by Modulr into the section titled Encrypted PGP Message the select the button labelled Decrypt the message.

  5. You will be displayed with your HMAC Secret.

    The customer is responsible for their own API credentials. Modulr cannot be held responsible if the Key and HMAC are lost/stolen.