PGP Encryption Software

How-to Automate File Transfer Using PGP and SFTP 

Open PGP Encryption Automation for Sensitive Files 

“Diplomat enabled us to take two time-consuming and inefficient processes – encrypting and setting up file transfers – and make them one single, automated process that supports Allegheny’s business requirements.”
Ryan Andrews

Senior IT Security Analyst, Allegheny Energy

What is Open PGP?

Open PGP is a technology that provides strong cryptography for encryption and digital signatures.  The Open PGP standard is a widely adopted standard for protecting sensitive information exchanged between parties, and for verifying the sender of those files.  A file encrypted using Open PGP is protected by strong cryptography, and hash functions verify that the contents are not changed during transmission.

How do companies use Open PGP?

Many companies use Open PGP to protect the sensitive data that is transferred between systems.  Data such as payment card information, personally identifiable information, patient health care records, inter-company payments, and other sensitive information must be stored and transferred with strong cryptography to avoid financial or reputational penalties for data loss during data storage or transmission.

What is SFTP?

SFTP is a file transfer technology based upon the SSH standard.  SFTP is widely adopted across virtually every platform imaginable.  It supports strong authentication with passwords and cryptographic keys (called “SSH Keys”), ensuring that the identities of both client and server are verified for a file transfer.  SFTP provides strong encryption and integrity checking to ensure that transferred data is secure in transit, and arrives untampered at its destination.

How do companies use SFTP?

Companies use the SFTP protocol to transfer files between internal systems, and with external customers, suppliers, and trading partners.  SFTP is a ubiquitous protocol, available on modern and legacy computer systems.  SFTP is firewall-friendly, because all file transfers require only a single port open on the firewall (typically, port 22).  As a result, SFTP is a very popular choice for file transfers.

The Problem

How do companies manage Open PGP and SFTP File Transfer Workflows?
Often, Open PGP and SFTP workflows are handled with home-grown scripts or batch files sprawled across the organization.  Operation is fragile, maintenance is hard, and errors are common – and difficult to handle.  Scaling is impossible because these ad-hoc mechanisms were never designed for growth, and lack necessary Enterprise-grade features.  Managing the security is a daunting task, as cryptographic algorithms become obsolete and tools need to be updated.

The Solution: Diplomat MFT Software

If you need to encrypt or decrypt sensitive files using PGP, and transfer those files to internal systems or external partners, customers, or clients, then Diplomat Managed File Transfer will save you time, reduce human errors, and provide full auditing and alerting of those file transfers.

Rather than developing and maintaining fragile scripts to handle Open PGP encryptions, manage keys, and transfer files via SFTP, you can make a low-cost investment in Diplomat MFT in order to simplify and centralize your OpenPGP and SFTP business workflows.

Coviant Diplomat MFT has saved countless hours of productivity for hundreds of customers, handling thousands of file transfers across the globe every hour.  You can trust Coviant to automate your Open PGP and SFTP business workflows!

Case Study: Allegheny Energy, Inc.

BACKGROUND

Allegheny Energy is an electric utility headquartered near Pittsburgh, Pennsylvania, with over $3 billion in annual revenues and more than 4,000 employees. It owns and operates generating facilities with almost 10,000 megawatts of generating capacity and delivers electric service to approximately 1.5 million customers in Pennsylvania, West Virginia, Maryland, and Virginia.

 

PGP Encryption & Automation Commonly Asked Questions

How does PGP work?

PGP works through the clever application of two different cryptographic techniques:  public key and symmetric key cryptography.   Public Key cryptography is used to strongly identify a party (person or machine) using PGP.  Public Key cryptography comprises two aspects of a single key:  the private portion, which decrypts files encrypted for that party and/or digitally signs a file on behalf of that party, and a public portion which is distributed to anyone who wishes to encrypt data for that party, or who wishes to verify the identity of that party.

Public key cryptography is very slow, so it is used only to sign and to protect the symmetric key, while the secure payload itself is encrypted with that symmetric key.  This symmetric key is what is able to decrypt the contents of the PGP payload.  Because the symmetric key is encrypted by the public key of a given party, only the intended recipient can unlock the symmetric key and read the data.

Can PGP encryption be cracked?

PGP offers encryption using unlimited key lengths for key exchanges and ciphers, with most systems limiting those to 4096 and 256 bits, respectively. Even with the fastest computers, it would take trillions of years to crack the code on a 256-bit encryption key.

What is the difference between PGP and GPG?

GPG is short for “GnuPG,” an open source implementation of the PGP protocol that provides a command line interface to perform PGP encryption, decryption, signing, verifying, and key management operations.  

What algorithm does PGP use?

The OpenPGP standard lists multiple public key algorithms, including RSA, Elgamal, and DSA.

The OpenPGP standard lists multiple algorithms for symmetric data encryption, including 3DES, IDEA, CAST5, Blowfish, Twofish, AES (128, 192, and 256-bit), and Camellia (128, 192, and 256-bit).

The OpenPGP standard lists multiple hash algorithms (which are used for integrity checking and signatures), including MD5, SHA-1, RIPE-MD/160, and SHA2 (224, 256, 384, and 512-bit).

The OpenPGP standard lists multiple algorithms for data compression, including ZIP, ZLIB, and BZIP2.

It is important to note that only a few of these algorithms (DSA and Elgamal; 3DES; and SHA-1) are required to be implemented by the OpenPGP Standard. However, this minimal requirement is regarded as insecure because algorithms like 3DES and SHA-1 are considered “broken.”  Fortunately, many PGP implementations, such as Diplomat MFT, support all of the OpenPGP standard's public key algorithms (and a few additional ones, like Elliptic Curve).  Diplomat MFT is one such implementation, supporting modern, secure algorithms in its PGP library.
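The hybrid layout described under "How does PGP work?" and the weak-hash concern above are both visible in a message's packet framing. The following is an added example, not code from Coviant or Diplomat MFT: a minimal RFC 4880 packet walker run over constructed byte strings, where `packets`, `audit` and the sample constants are names invented here.

```python
PUBKEY = {1: "RSA", 16: "Elgamal", 17: "DSA"}
HASH = {1: "MD5", 2: "SHA-1", 3: "RIPE-MD/160", 8: "SHA-256",
        9: "SHA-384", 10: "SHA-512", 11: "SHA-224"}
WEAK_HASH = {1, 2}  # MD5 and SHA-1
# Added example. Constructed samples with dummy bodies, not real messages.
ENCRYPTED = (bytes([0xC1, 12, 3]) + bytes.fromhex("0123456789ABCDEF")
             + bytes([1, 0, 0]) + bytes([0xD2, 5, 1, 0, 0, 0, 0]))
SIGNATURE = bytes([0x89, 0x00, 0x04, 4, 0, 1, 2])  # v4 signature, hash id 2

def packets(data):
    """Yield (tag, body) for each packet in binary OpenPGP data."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header: tag in the low 6 bits
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                n = first
            elif first < 224:
                n, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled here")
        else:  # old-format header: tag in bits 5-2, length type in bits 1-0
            tag, width = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if width == 8:  # length type 3: body runs to the end of the data
                n = len(data) - i
            else:
                n, i = int.from_bytes(data[i:i + width], "big"), i + width
        if i + n > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + n]
        i += n

def audit(data):
    """Describe known packets; signature hashes in WEAK_HASH are marked WEAK."""
    out = []
    for tag, body in packets(data):
        if tag == 1 and len(body) >= 10:  # session key wrapped with a public key
            out.append(f"session key for {body[1:9].hex().upper()} "
                       f"via {PUBKEY.get(body[9], body[9])}")
        elif tag == 18:  # payload encrypted under the symmetric session key
            out.append(f"symmetric payload, {len(body) - 1} bytes")
        elif tag == 2 and body[:1] == b"\x04" and len(body) >= 4:  # v4 signature
            mark = "WEAK " if body[3] in WEAK_HASH else ""
            out.append(f"signature hash {mark}{HASH.get(body[3], body[3])}")
    return out
```

The symmetric cipher does not appear in the output because its identifier travels inside the public-key-encrypted session key packet, so only the recipient can read it.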

How do you automate PGP encryption and decryption?

PGP encryption is often handled by complex command line applications, which can be confusing and hard to remember.  Diplomat MFT enables simple point-and-click encryption, decryption, signing, and verification with an intuitive interface.

How do I set up PGP encryption?

To set up PGP, you need to generate your own Key Pair, which consists of both a public key and private key component.  You keep the private key to yourself, while the public key you can deliver to anyone who wishes to send data encrypted for only you.  If you wish to encrypt data for a given recipient, such that they are the only ones who can read it, you will need their public key.   Diplomat MFT provides an intuitive user interface to create, import, and export PGP keypairs and public keys.

Can I decrypt PGP with GPG?

GPG can be used to decrypt PGP files because it conforms to the OpenPGP standard.  Any message that is encrypted in the OpenPGP format can be decrypted by GPG or any other standard conforming tool, like Diplomat MFT, which automates the use of proper command line syntax for the various operations like encrypting, decrypting, signing, and verifying.

Is PGP dead?

No!  PGP is alive and well, and an excellent choice for applying strong encryption. In fact, PGP is a security requirement for data transfers to and from many banks. Many of Coviant Software’s customers use Diplomat MFT to exchange PGP encrypted files with JP Morgan, Citi, Bank of America, and more.
