
PGP encryption is one of the most popular encryption protocols and for several good reasons.
Robust Managed File Transfer (MFT) solutions offer multiple encryption tools built into their MFT servers such as Encryption at rest, Password Protected ZIP, ZIP with AES Encryption, S/MIME for AS2, AS3, and AS4. Let’s zero in on when and why someone should use PGP Encryption and take a look at how to implement PGP in your MFT workflows.
What is PGP?
PGP stands for “Pretty Good Privacy.” This protocol is used to sign, encrypt, and decrypt texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. PGP uses asymmetric encryption, meaning that one key is used to encrypt the data (usually known as the public key) and another key is used to decrypt the data (usually known as the private key). The asymmetric encryption keys make PGP an ideal solution for sharing sensitive data.
Why Use PGP for File Transfers?
While most protocols used today (SFTP, FTPS, HTTPS, AS2, AS3, AS4, and PeSIT) are already secured and offer very good privacy, more security is needed to protect what organizations need to protect most – their sensitive data. As confidential data in transferred files travels via the DMZ (demilitarized zone) and via the public internet, many organizations, especially those that need to satisfy compliance requirements around how files move, require an additional layer of protection by stipulating that all files be PGP encrypted. PGP is usually regarded as an added layer of security in file transmissions out of an abundance of caution by security-conscious organizations.
PGP Features
PGP features related to file sharing:
- Multiple levels of encryption (key size) from 512 to 4096 bits. The larger the key, the harder it is to decrypt the data without the private key (processing overhead and the resulting encrypted file will also be larger).
- Asymmetric cryptography. Different keys are used for encrypting and decrypting data.
- Armor Output Files. Armoring converts encrypted files into ASCII format using Base64 encoding. This makes the encrypted files safe for emailing, but they will be about 33% larger.
- Compressed Output Files. Compression is applied to files resulting in smaller output files but requires more CPU and time to decode.
- Use Integrity Packet. Provides additional data integrity information in the encrypted file.
How to Use PGP Encryption in GoAnywhere MFT
MFT solutions with advanced workflows make PGP encryption easy to build into workflows, even multi-step, complex flows.
GoAnywhere MFT, from Fortra, provides both Encrypt and Decrypt Advanced Workflows and Project Tasks.
In the component library, under the PGP Task, look for the PGP Tasks.
PGP Encrypt/Decrypt tasks are used to handle the files. NOTE: PGP Sign/Verify does not encrypt the data but can be used to certify that certain data was indeed provided by a given publisher.
IBM i users can also easily use PGP as this short video details.
Digital Signatures
A trading partner may require that you additionally "sign" your files with your private key, which will embed a digital signature into those files. The trading partner will then use your public key to authenticate the files after they are received. Digital signatures allow the trading partner to ensure that you are the true originator of the files.
While a signed file is not encrypted, it is converted to a binary format that will prevent other applications from opening the file (for example, Microsoft Word or Adobe Acrobat Reader).
PGP Keys Storage
All PGP keys can be stored in GoAnywhere’s Key Management System (KMS).
You can generate PGP keys directly in GoAnywhere or you can use any other open-source PGP tools available on the market today including GoAnywhere PGP Studio.
Using a PGP Key Rings Resource to Manage Multiple Public Keys
Multiple public keys can be assembled in a PGP Key Ring. Some organizations may provide a key ring rather than an individual public key. A PGP Key Ring resource can be defined in GoAnywhere to contain the file locations of the public and secret key rings for PGP.
This makes it easier for an admin or workflow designer to select the appropriate key rings, by simply choosing the key ring resource from a drop-down list when defining a Project (without needing to know the exact file location of the key rings).
NOTE: The Key Rings Resource is only available if file-based keys are enabled on the Domain. If the Domain is set to use only keys from the Key Management System (KMS), then PGP tasks will access keys in Key Vaults instead of this resource.
Conclusion
All secure file transfer protocols already offer protection and privacy in data transmission. And, as cybersecurity often requires a layered approach to help ensure a single failure or breach will not cause any privacy or data loss, PGP encryption is a simple and well-known process and a standard that should be used in addition to any secure file transfer protocol.
Additional PGP options, such as Armor, can make file transmission much more cross-platform compatible and PGP compression can further reduce the amount of data to be transferred. GoAnywhere, as a comprehensive, secure MFT solution, supports all PGP functions, including Encrypt, Decrypt, Sign and Verify for both ease of use and security.
PGP Encryption is Easy and Secure with GoAnywhere
GoAnywhere MFT makes it easy to use the PGP protocol to secure critical file transfers, add and verify PGP signatures, and automate all PGP processes for improved auditing and productivity. Give it a try with a free download of Open PGP Studio today or request a trial of GoAnywhere MFT.