In this tutorial you will learn how to encrypt and sign files using Open PGP.
Open PGP encryption enables you to store sensitive information or transmit that information across insecure networks, such as the internet or email, so that it cannot be read by anyone except the intended recipient.
A public key is used to encrypt a file and verify a signature. A private key is used by the owner to decrypt and to add a digital signature to files.
A key ring, otherwise known as a key store, is a small digital file that can store one or more keys. Public keys are stored in public key rings and private keys are stored in secret key rings.
You can manage Open PGP keys through the GoAnywhere Key Manager. You can access the Open PGP Key Manager through the Encryption drop-down menu.
To get started, let's encrypt a file that we can send to our trading partner. You will need your trading partner's public key to encrypt the file. Your trading partner will use their private key to decrypt the file once it is received.
If you have not done so already, import your trading partner's public key into the Open PGP Key Manager. Then create a new Project and add the PGP Encrypt task to the Project Outline.
On the PGP Encrypt task, select the appropriate Open PGP Key Ring from the drop-down menu. If you do not have a Key Ring Resource defined, you can click on the Create button to add a new one.
Then, enter the Input File location which can be a local file on the GoAnywhere server, a UNC path, an NFS mount, or an SMB/CIFS network server. You will also need to enter the Output File location for the encrypted file. Typically the file extension will end with ".pgp".
While still on the PGP Encrypt task, click on the Add sub-menu and select the Add a Public Key option. For the Key ID field, click on the ... button to browse your key ring to select the public key for your trading partner.
Now you have a Project that can be used to encrypt a file to be sent to your trading partner.
Digital signatures allow the trading partner to ensure that you are the true originator of the files. Signing a file is only needed if your trading partner requires that you additionally sign your files with your private key. This will embed a digital signature into those files and the trading partner will use your public key to authenticate your identity when decrypting the files.
To add a signature, right click on the PGP Encrypt task in the Project Outline and select the Add a Secret Key option. On the Key ID field, browse to select your private key and enter the Passphrase of the key. If you do not have a private key, you can create one in the Open PGP Key Manager.
To test the Project, click on the Execute button which will save the Project, validate all fields are configured properly (also known as compiling), and begin Project execution.
Once complete, you will see messages indicating that the Job completed successfully along with a link to view the Job Log. You can now share that file with your trading partner using FTP, SFTP, email, or another means. You can review the Job Log for more information on what took place.