Secure Transactions

Back up Your Key Pair and Passphrase and Upload Your Public Key

After you have obtained your PGP key pair and passphrase you must document them for a number of purposes:

  1. You will need at least one hard-copy backup of your key pair and passphrase. At least two people must know where the backup copy is, including a supervisor.
  2. If you generate your PGP keys, you will need to upload your public key file to your web site so that we can make your key available to your site's visitors by adding it to the BU keyring.
  3. If you intend to install PGP on a second computer and want each computer to use the same private key, you will need a copy of your key pair in a portable, compatible format (e.g. a CD).

Please note that Webmaster does not obtain or retain any passphrases for generated keys; if a passphrase is lost, the key must be regenerated and any emails previously encrypted by that key will be unreadable. Users who have generated their own PGP key pair should refer to the instructions below.

Export your public key (PGP 7.0.3 users)

In order to document your keys for all the purposes listed above, your first step is to export your keys using PGPKeys. This program is automatically installed with the PGP software.

It will be helpful to export two copies of your keys. The first copy will be for your private records. It will include both the public and the private key. You can use it to back up your keys or to install the same private key on more than one computer. The second copy will include your public key only, which you can upload to your public web space.

  1. Open PGPKeys from the PGP program group.

  2. Highlight your profile (it will have an icon next to it) by clicking on it once.

  3. Choose Export... from the Keys menu and save your key with a filename in the following format:

    your-department-email-login-key-pair.asc

    where your-department-email-login is replaced with your departmental e-mail login name.

    For example, if you were in the Classics department and have a departmental e-mail account called classics@bu.edu that you intend to use for your secure transactions, your key pair file would be named:

    classics-key-pair.asc

  4. Before you exit the Export... window, check Include private key at the bottom left of the export screen. That way the your-department-email-login-key-pair.asc file contains both the private and the public key, and you can use this copy as a backup or add the private key to other computers.

  5. To export a second copy, repeat steps 1 and 2, with the following exceptions:

    Make sure that you leave the Include private key selection box unchecked.

    Save your second exported copy with a filename in the following slightly different format:

    your-department-email-login-public-key.asc

    where your-department-email-login is replaced with the departmental e-mail login name.

    For example, if you were in the Classics department and have a departmental e-mail account called classics@bu.edu that you intend to use for your secure transactions, your public key file would be named:

    classics-public-key.asc

    This second copy will be the one you upload to your public web space.

Back up your key pair and passphrase

You must back up your key pair (both the public and private key), and especially your passphrase. The passphrase is absolutely irretrievable if lost. For this reason, we strongly recommend that a hard-copy backup exists in at least one place. At least two people in your department, one of whom should be a supervisor, must know where this key pair and passphrase are. In the Notify us step, you will fill out a form that will require you to confirm completion of this backup procedure.

Upload the public key file to your web site

Upload your newly exported public key file (your-department-email-login-public-key.asc) to your web site. You don't need to put it in an HTML file or create links to this file. In the Notify us step, you will inform us of this file's web address. We need the public key file so that we can add the public key to the keyring on the BU server. The web address for your public key file will be something like:

http://www.bu.edu/dept-web-site/your-department-email-login-public-key.asc

Warning: Do not publish your key pair (your-department-email-login-key-pair.asc) in public web space. The key pair file contains your private key, which decrypts any files encrypted with the public key.

Note for Mac users: If you are using an FTP program for Macs, such as Fetch, make sure that you select Text as the file format before you upload this file.
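
A pre-upload check for the warning above, as an added example (not part of the original BU instructions): it reads an exported .asc file and refuses it if any armored block is labelled as a private key or contains a secret-key packet, even when the block is labelled as public. The function names and the sample blocks built by armor() are constructed for illustration; the armor labels and packet tags follow RFC 4880, and "SECRET" is matched defensively as an assumption about older tools.

```python
import base64
import re

SECRET_TAGS = {5, 7}  # RFC 4880 packet tags: Secret-Key, Secret-Subkey
ARMOR = re.compile(r"-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)-----END PGP \1-----", re.S)

def packet_tags(data):
    """Yield the tag of every OpenPGP packet in a binary key export."""
    i = 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial length not allowed in key packets")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            n = 0 if ltype == 3 else 1 << ltype
            length = int.from_bytes(data[i:i + n], "big") if n else len(data) - i
            i += n
        yield tag
        i += length

def safe_to_publish(text):
    """True only if every armored block holds public-key material only."""
    blocks = ARMOR.findall(text)
    for label, body in blocks:
        if "PRIVATE" in label or "SECRET" in label:
            return False
        lines = body.replace("\r", "").split("\n")
        try:
            payload = lines[lines.index("") + 1:]   # skip armor headers
            b64 = "".join(l for l in payload if not l.startswith("="))  # drop CRC
            tags = list(packet_tags(base64.b64decode(b64)))
        except (ValueError, IndexError):
            return False                            # unparseable: do not upload
        if not tags or SECRET_TAGS & set(tags):
            return False
    return bool(blocks)

def armor(label, raw):
    """Build a constructed sample block (dummy CRC line, not a real key)."""
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN PGP {label}-----\nVersion: sample\n\n{b64}\n=AAAA\n-----END PGP {label}-----\n"
```

Run safe_to_publish() on the contents of your-department-email-login-public-key.asc before uploading; a False result means the file should not go into public web space.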

 

NIS  |  OIT  |  Boston University  |   March 23, 2007