Generate Key Pair

Prerequisites
You’re familiar with the process of adding a new user.
You’re familiar with cryptographic algorithms utilized by FlowCrypt products.

The Key Pairs section of the Enterprise Admin Panel provides a convenient way to generate keys for your organization, which is illustrated in the following steps.

Additionally, you can generate key pairs from the End Users section when you open the user details page of any particular user. This process is described in the Generate key pair for the particular user section.

1. To generate a key pair from the Key Pairs section, click on the green New Key button:

enterprise eap usage key pairs manage keys generate key pair new key button

2. It will open a new page where you need to fill in the key data:

Remember that a user is represented by a single email address. If you generate two keys with the same end user name but different email addresses, this will be considered as two users.

enterprise eap usage key pairs manage keys generate key pair generate and store key pair

For guidance on completing the last three fields, refer to the following information:

Expiration: Typically, it’s set to six or twelve months. Additionally, you can leave it blank if you don’t want them to expire.
Algorithm: If you’re unsure which key generation algorithm to choose, please see the Key Generation Algorithms guide. We recommend choosing the Curve25519 option for faster key generation, encryption, and decryption operations. However, if you require RSA for specific reasons, you are free to choose it. For instance, large RSA keys have a larger file size, making them more resistant to brute force attacks.
Automatic lifecycle actions: This feature enables you to automatically rotate keys or extend their expiration date. More details can be found in the Orchestrator Configuration guide.

3. After everything is set up, click Generate New Key Pair:

enterprise eap usage key pairs manage keys generate key pair confirm generating key pair

4. You’ll see a “Key pair successfully generated.” message:

enterprise eap usage key pairs manage keys generate key pair key pair successfully generated

If you navigate to the initial Key Pairs section, you’ll find the key you generated:

You can also find this key pair if you open the corresponding user’s detail page from the End Users section.

enterprise eap usage key pairs manage keys generate key pair view key pair list

Generate a key pair for the particular user

Besides generating a key pair from the Key Pairs section, you can also do it from the End Users section. In this case, the key generation process is almost the same as described above with just one difference. You don’t need to fill in the primary email address, as you generate the key directly for the chosen user:

1. To generate a key pair for a particular user, navigate to the End Users section and choose the user by clicking on the email address:

enterprise eap usage key pairs manage keys generate key pair end user

2. After, click the New Key button located at the bottom right corner of the End User Details page:

enterprise eap usage key pairs manage keys generate key pair end user details

Here, the Primary email field already contains the user’s email address (this field will be empty if you generate a key pair from the Key Pairs section), and you need to fill in the rest of the fields:

enterprise eap usage key pairs manage keys generate key pair generate and store key pair for user

After generating the key, it can be found in the list of your organization keys or in the End User Details page:

enterprise eap usage key pairs manage keys generate key pair view end users key

Note that you can download the list of key pairs of users in a CSV file from both the Key Pairs and End Users sections.

What’s next? Explore the Key Pair Details Page Overview guide to learn what kind of information you can find about a particular key.