Configuring PGP

By using PGP (Pretty Good Privacy), you can encrypt, compress, and sign data. MFT fully supports PGP on all of its transfer protocols (both incoming and outgoing).

For more information about PGP, see the following topics:

About PGP

This section describes the process of configuring PGP for MFT Internet Server transfers.

Note: MFT Internet Server performs PGP encryption and decryption in a streamed mode, not in a store and forward mode. Interim data is never written to disk.

Before starting with the MFT instructions, consider the following example, which gives a basic overview of PGP. Assume that user A wants to PGP-encrypt and sign a file that will be sent to user B.

Before we start to encrypt and decrypt data:

  • User A needs to send its PGP public key to user B.

  • User B needs to send its PGP public key to user A.

How PGP Works

  • User A uses PGP encryption to send data using the public key of user B.

  • User A uses PGP signing to sign the data with the private key of user A.

  • User B decrypts the data using its system key. Only users with the system key and passphrase associated with the public key that encrypted the file can decrypt the file. That is what makes PGP so secure.

  • User B verifies the file signature using the public key associated with the private key of User A. Hence, any user with access to the public key of User A can verify the signature.

  • The advantages of PGP file encryption and compression are straightforward. The advantage of signing files is less obvious: signing provides non-repudiation of files. It verifies that a file comes from a trusted source.
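The exchange described under "How PGP Works", as an added example that is not part of the MFT documentation: GnuPG 2.1 or later plays both users, and the key names, addresses and payload are constructed. It also shows that a file encrypted without a signature still decrypts, so the receiver has to check the signature status explicitly.

```shell
# Added example (not MFT code): GnuPG 2.1+ plays both users.
# Names, addresses and payload are constructed for the demo.
g() {  # g <homedir> <gpg args>: non-interactive gpg bound to one user's keyring
  home=$1; shift
  # --trust-model always is demo-only; in practice confirm key fingerprints out of band.
  gpg --homedir "$home" --batch --quiet --no-tty --pinentry-mode loopback \
      --passphrase '' --trust-model always "$@" 2>/dev/null
}

pgp_roundtrip() {
  work=$(mktemp -d) || return 1
  a="$work/a"; b="$work/b"; mkdir -m 700 "$a" "$b"
  # Each side creates its own key pair; the private half never leaves its keyring.
  g "$a" --quick-generate-key 'User A <a@example.test>' default default never
  g "$b" --quick-generate-key 'User B <b@example.test>' default default never
  # "Before we start": the two users exchange public keys only.
  g "$a" --export a@example.test | g "$b" --import
  g "$b" --export b@example.test | g "$a" --import
  printf 'constructed payment batch 0001\n' > "$work/file.txt"

  # User A: encrypt to B's public key, sign with A's private key.
  g "$a" -u a@example.test -r b@example.test --sign --encrypt \
    -o "$work/signed.pgp" "$work/file.txt"
  # Same file encrypted to B but NOT signed (possible for anyone holding B's public key).
  g "$a" -r b@example.test --encrypt -o "$work/unsigned.pgp" "$work/file.txt"

  # User B: decrypt with B's private key; --status-fd reports the signature result.
  g "$b" --status-fd 3 -o "$work/out.txt" --decrypt "$work/signed.pgp" 3>"$work/st1"
  g "$b" --status-fd 3 -o "$work/out2.txt" --decrypt "$work/unsigned.pgp" 3>"$work/st2"

  cmp -s "$work/file.txt" "$work/out.txt" && res="decrypt=ok" || res="decrypt=fail"
  grep -q '^\[GNUPG:\] GOODSIG ' "$work/st1" && res="$res signed=goodsig" || res="$res signed=nosig"
  grep -q '^\[GNUPG:\] GOODSIG ' "$work/st2" && res="$res unsigned=goodsig" || res="$res unsigned=nosig"
  # User A holds no private key of B, so even the sender cannot decrypt the file.
  g "$a" -o "$work/leak.txt" --decrypt "$work/signed.pgp" \
    && res="$res sender_decrypt=ok" || res="$res sender_decrypt=denied"

  gpgconf --homedir "$a" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$b" --kill gpg-agent 2>/dev/null || true
  rm -rf "$work"
  echo "$res"
}

# Run the demo when gpg is installed.
if command -v gpg >/dev/null 2>&1; then pgp_roundtrip; fi
```

A receiver that requires signed files should reject any decryption whose status output lacks `GOODSIG`, even when the decryption itself succeeds.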

When to Use PGP?

See the following guidelines on when to use PGP:

  • A file contains confidential or secure data.

  • A file contains financial transactions.

  • A file is sent through an insecure protocol like FTP.

  • Data must be saved on disk in a PGP-encrypted format.

Note: Many customers use PGP encryption to double-encrypt data. You can use a secure protocol like SSH (SFTP), in which all transmitted data is encrypted, while PGP encrypts and signs the file to be sent. Using SSH with PGP double-encrypts the data and provides the most secure way to transfer critical data. PGP signatures verify that the file was encrypted and signed by a valid sender.

To Configure PGP

MFT Internet Server supports PGP encryption, compression, and signing in a streamed mode. The MFT Internet Server supports PGP encryption in the following ways:

  • When a client sends or receives PGP encrypted files to MFT Internet Server or from MFT Internet Server. MFT uses PGP to decrypt data received from the client and MFT uses PGP to encrypt data sent to the client. In this case, you must associate the user's PGP public key with the user performing the file transfer.

  • When MFT Internet Server sends or receives PGP encrypted files to a target server or from a target server. MFT uses PGP to decrypt data received from the server and MFT uses PGP to encrypt data sent to the server. In this case, you must associate the target server's PGP public key with the server configured in the transfer definition.

These two methods of PGP support are configured differently.

To configure PGP, complete the following steps.

    Procedure
  1. Create a PGP system key.

  2. Configure the public key: Client sends or receives PGP-encrypted data.

  3. Configure the public key: Client sends or receives PGP-encrypted data with target server.

  4. Client sends PGP-encrypted data to MFT Internet Server.

  5. Client receives PGP-encrypted data from MFT Internet Server.

  6. MFT Internet Server sends PGP-encrypted data to a target server.

  7. MFT Internet Server receives PGP-encrypted data from a target server.