PGP Encryption Software Tools

How-to Automate File Transfer Using PGP and SFTP 

Open PGP Encryption Automation for Sensitive Files 

Automate Your Secure File Transfers with Diplomat MFT (In-built PGP Encryption Software Capabilities)

Are you looking for a secure and reliable way to transfer sensitive files? By using Diplomat MFT, we save save your business the hassle of needing separate PGP encryption software. Diplomat MFT supports PGP encryption as one of its many encryption options, which means that users can encrypt their files using PGP without needing to install and use separate PGP encryption software.

With our easy-to-use software, you can automate the PGP encryption and decryption process, ensuring that your files remain secure throughout the transfer process.

Using PGP Encryption software has numerous benefits, including increased security, improved compliance, and reduced risk of data breaches. Our software is trusted by companies of all sizes, from small businesses to Fortune 500 companies.

Why use OpenPGP?

Organizations must protect sensitive data, both when it is at rest—whether on-premises or in the cloud—and when it is in use. This is especially true when files containing sensitive data are being transferred from one location to another. Encryption keeps data safe in both instances by rendering it unreadable to anyone who might intercept it, or otherwise gain access to it.

OpenPGP is the file encryption used by Coviant Software to protect your sensitive files. OpenPGP is the standardized and fully compatible implementation of commercial PGPTM software, a widely adopted standard proven to be excellent at keeping data safe. The secure file transfer protocol (SFTP) keeps data safe on the wire when it is transferred between endpoints, preventing malicious actors from eavesdropping on or modifying the data in transit. Diplomat MFT secure managed file transfer software combines both OpenPGP and SFTP to keep data safe in motion and at rest.


What is the difference between OpenPGP and PGP™?

Often, when you hear someone say PGP™ they are referring to OpenPGP, as the two terms are typically used interchangeably.  The only real difference is that PGP is a trademarked term, while OpenPGP is the standard which PGP implements (as does Diplomat MFT). Don’t be confused or intimidated. If you need to “do PGP,” Diplomat MFT automates the process, making it easy.

What is Open PGP?

OpenPGP is a technology standard, defined by RFC 4880, that provides strong cryptography for content encryption and digital signatures. OpenPGP is a widely adopted standard for protecting sensitive information exchanged between parties, and for verifying the sender of those files. A file encrypted using OpenPGP is protected by strong cryptography and hash functions to verify that the contents are not changed during transmission or at rest. Diplomat MFT is an easy-to-use OpenPGP encryption solution for protecting files as a part of a data security management and compliance program.

How do companies use Open PGP?

Many companies use OpenPGP to protect the sensitive data that is transferred between systems.  Data such as payment card information, banking data, personally identifiable information, patient health care records, inter-company payments, intellectual property, and other sensitive information must be stored and transferred with strong cryptography to avoid financial or reputational penalties for data loss during data storage or transmission. Automated PGP encryption tools like Diplomat MFT make it easy to implement PGP encryption.

What is SFTP?

SFTP is a file transfer technology based upon the SSH standard.  SFTP is widely adopted across virtually every platform imaginable.  It supports strong authentication with passwords and cryptographic keys (called “SSH Keys”), ensuring that the identities of both client and server are verified for a file transfer.  SFTP provides strong encryption and integrity checking to ensure that transferred data is secure in transit, and arrives untampered at its destination.

Is PGP software?

PGP is not encryption software, but a protocol using standard algorithms to encrypt files to ensure they are visible only to intended recipients.  PGP is often used to ensure the confidentiality of data at rest (on a disk).  PGP can also be used to sign files so the recipient can verify the sender.  The standard is implemented by software in various PGP tools, and  integrated into products built to keep data secure, such as Diplomat MFT.

See “What algorithm does PGP use” in this FAQ for more information.

The Problem

How do companies manage Open PGP and SFTP File Transfer Workflows?
Often, Open PGP and SFTP workflows are handled with home-grown scripts or batch files sprawled across the organization.  Operation is fragile, maintenance is hard, and errors are common – and difficult to handle.  Scaling is impossible because these ad-hoc mechanisms were never designed for growth, and lack necessary Enterprise-grade features.  Managing the security is a daunting task, as cryptographic algorithms become obsolete and tools need to be updated.

The Solution: Diplomat MFT Software

If you need to encrypt or decrypt sensitive files using PGP, and transfer those files to internal systems or external partners, customers, or clients, then Diplomat Managed File Transfer will save you time, reduce human errors, and provide full auditing and alerting of those file transfers.

Rather than developing and maintaining fragile scripts to handle Open PGP encryptions, manage keys, and transfer files via SFTP, you can make a low-cost investment in Diplomat MFT in order to simply, and centralize your OpenPGP and SFTP business workflows.

Coviant Diplomat MFT has saved countless hours of productivity for hundreds of customers, handling thousands of file transfers across the globe every hour.  You can trust Coviant to automate your Open PGP and SFTP business workflows!

First Energy Case Study




PGP Encryption & Automation Commonly Asked Questions

How does PGP work?

PGP works through the clever application of two different cryptographic techniques: public key and symmetric key cryptography. Public Key cryptography is used to strongly identify a party (person or machine) using PGP. Public Key cryptography comprises two aspects of a single key:  the private portion, which is used to decrypt files encrypted with the public half of that key pair and/or to digitally sign a file, and a public portion which is distributed to anyone who wishes to encrypt data or verify the signature of the public half of that key pair.

Cryptography for public keys is slow, so it is used to encrypt the symmetric key. The symmetric key is what encrypts or decrypts the contents of the PGP payload.  Because the symmetric key is encrypted by the public key of a given party, only the intended recipient can unlock the symmetric key and read the data.  Symmetric key cryptography is much faster than public key cryptography, so the combination of the two makes for a very secure yet very efficient mechanism for securing and validating file data.

Can PGP encryption be cracked?

PGP offers encryption using unlimited key lengths for key exchanges and ciphers, with most systems limiting those to 4096 and 256 bits, respectively. Even with the fastest computers, it would take trillions of years to crack the code on a 256-bit encryption key.

What is the difference between PGP and GPG?

GPG is short for “GnuPG,” an open source implementation of the PGP protocol that provides a command line interface to perform PGP encryption, decryption, signing, verifying, and key management operations.  

What algorithm does PGP use?

The OpenPGP standard lists multiple algorithms for public key algorithms, including  RSA, Elgamal, and DSA.

The OpenPGP standard lists multiple algorithms for symmetric data encryption, including 3DES, IDEA, CAST5, BlowFish, TwoFish, AES (128,192, and 256-bit), and Camellia (128, 192, and 256-bit).

The OpenPGP standard lists multiple algorithms for hashes on the data (which are used for integrity checking and signatures), including  MD5, SHA-1, RIPE-MD/160, and SHA2 (224, 256, 384, and 512-bit).

The OpenPGP standard lists multiple algorithms for data compression, including  ZIP, ZLIP, and BZIP2.

It is important to note that only a few of these algorithms–DSA and Elgamal; 3DES; and SHA-1–are required to be implemented by the OpenPGP Standard. However, this minimal requirement is regarded as insecure because algorithms like 3DES and SHA-1 are considered “broken.”  Fortunately, many PGP implementations, such as Diplomat MFT, support all the algorithms of the OpenPGP standard public key algorithms (and a few additional ones, like Elliptic Curve).  Diplomat MFT is one such software that supports modern, secure algorithms in its PGP library.

Is Diplomat MFT technically PGP Encryption software?

Diplomat MFT is not technically PGP encryption software. While Diplomat MFT does support PGP encryption as one of its many encryption options, it is a managed file transfer (MFT) solution that provides a range of additional features beyond just encryption.

MFT solutions like Diplomat MFT are designed to provide a secure, reliable, and automated way to transfer files between different systems and platforms. In addition to encryption, MFT solutions typically provide features such as:

  • Secure protocols for file transfer, such as SFTP, FTPS, and HTTPS
  • Integration with various file storage systems, such as cloud storage, network file systems, and local file systems
  • Automation capabilities, such as scheduling, event triggers, and workflow automation
  • Auditing and reporting capabilities to track file transfers and ensure compliance

While PGP encryption is an important feature of Diplomat MFT and other MFT solutions, it is just one piece of the overall puzzle. MFT solutions like Diplomat MFT offer a more comprehensive approach to secure file transfer, ensuring that files are encrypted and transferred securely, reliably, and efficiently.

Does using Diplomat save the hassle of needing separate PGP Encryption Software?

Yes, using Diplomat MFT can save the hassle of needing separate PGP encryption software. Diplomat MFT supports PGP encryption as one of its many encryption options, which means that users can encrypt their files using PGP without needing to install and use separate PGP encryption software.

This can be a major advantage for users who want a more streamlined approach to secure file transfer, without the need to manage multiple software tools. With Diplomat MFT, users can encrypt, transfer, and manage their files all in one place, making it easier to ensure that files are secured and transferred reliably.

In addition, Diplomat MFT provides a range of other features beyond just encryption, including secure file transfer protocols, automation capabilities, and auditing and reporting capabilities. By using Diplomat MFT, users can benefit from a more comprehensive approach to secure file transfer, with all of the tools they need to ensure that their files are protected and transferred securely.

How do you automate PGP encryption and decryption?

PGP encryption is often handled by complex command line applications, which can be confusing and hard to remember, resulting in complex and fragile scripted solutions.  As a part of the secure managed file transfer process, Diplomat MFT serves as a simple PGP encryption solution that enables automated no-code encryption, decryption, signing, and verification with an intuitive interface.

Open-source PGP encryption tools like GnuPG (GPG) can be effective, but the reliance upon scripting–and the individuals who build and maintain those scripts–introduces fragility that weakens security and increases a company’s risk profile.

How do I set up PGP encryption?

To set up PGP, you need to generate your own Key Pair, which consists of both a public key and private key component.  You keep the private key to yourself, while the public key you can deliver to anyone who wishes to send data encrypted for only you.  If you wish to encrypt data for a given recipient, such that they are the only ones who can read it, you will need their public key.  Diplomat MFT provides an intuitive user interface to create, import, and export PGP keypairs and public keys, combining powerful PGP encryption with simplicity and ease of use.

Can I decrypt PGP with GPG?

GPG can be used to decrypt PGP files because it conforms to the OpenPGP standard.  Any message that is encrypted in the OpenPGP format can be decrypted by GPG or any other standard conforming PGP encryption tool. Diplomat MFT’s OpenPGP capabilities allows you to automate various operations like encrypting, decrypting, signing, and verifying.

Is PGP dead?

No!  PGP is alive and well, and an excellent choice for applying strong encryption. In fact, PGP is a security requirement for data transfers to and from many banks. Many of Coviant Software’s customers use Diplomat MFT to exchange PGP encrypted files with JP Morgan, Citi, Bank of America, and more.

What are benefits of PGP Encryption Software?

PGP (Pretty Good Privacy) encryption software offers several benefits for users who need to secure their sensitive data and communications. Here are some of the key benefits of using PGP encryption software:

  • Increased security: PGP encryption uses strong encryption algorithms to protect data, making it nearly impossible for unauthorized parties to access it. This makes it an ideal solution for securing sensitive information, such as financial data, medical records, and personal information.
  • Improved compliance: Many industries and organizations have regulations and compliance requirements that mandate the use of encryption to protect sensitive data. PGP encryption software can help organizations comply with these requirements by providing a secure way to transfer data.
  • Reduced risk of data breaches: With PGP encryption, even if a hacker gains access to a file, they will not be able to read it without the decryption key. This greatly reduces the risk of data breaches and protects sensitive data from falling into the wrong hands.
  • Ease of use: Modern PGP encryption software is designed to be user-friendly and easy to use, even for non-technical users. This means that anyone can use the software to secure their sensitive data, without requiring specialized knowledge or skills.
  • Wide compatibility: PGP encryption software is compatible with a wide range of operating systems and email clients, making it easy to use across different devices and platforms.

Overall, PGP encryption software provides a secure and reliable way to protect sensitive data and communications, making it an essential tool for businesses, organizations, and individuals who need to keep their information safe from prying eyes.

Is PGP Encryption software expensive?

The cost of PGP encryption software can vary depending on the specific product and licensing model. Some PGP encryption software is available for free, while others may require a one-time or recurring fee.

For example, the open-source software GnuPG, which is a popular implementation of PGP, is free to use and distribute. Other PGP encryption software, such as Symantec Encryption Desktop, requires a license and can cost several hundred dollars per user per year.

It’s important to note that the cost of PGP encryption software is just one factor to consider when evaluating different products. Other factors, such as ease of use, compatibility with other software and systems, and security features, may also be important considerations.

Overall, the cost of PGP encryption software should be weighed against the benefits it provides in terms of data security and compliance. For individuals and organizations that need to protect sensitive data, the cost of PGP encryption software is likely a small price to pay compared to the potential costs of data breaches or non-compliance with regulations.