Secure File Transfers & PGP Encryption Tutorial
This blog post shares some tips on how to set up secure file transfer with Bank of America based on our experience assisting customers with this process. Bank of America often requires its customers and partners to exchange files over the Internet using software that conforms to industry standards for file encryption and transmission. A common example is using Bank of America’s B2Bi1 SFTP system for exchanging CashPro Connect payment files for ACH and Wire Transfers, retrieving the resulting status report XML files, and other such transactions.
Different departments within Bank of America support a range of technical options, but the combination of PGP for file encryption and SFTP for file transfer is one of the combinations most broadly supported by Bank of America. We have used PGP and secure FTP in our example below.
All Diplomat Managed File Transfer products allow you to automate jobs that use PGP for file encryption/decryption and secure FTP for file transfer. For important financial transactions like these, a minimum of Diplomat MFT Standard Edition is required. If you need greater capabilities for a broader, more strategic investment, like more extensive integrations, visibility and database-driven auditing, endpoint management, multiple administrators, and much more, then the Enterprise Edition would be more appropriate. Of course, you can always get a recommendation for which Diplomat MFT Edition fits your needs.
Step 1: Receive technical information from Bank of America
Bank of America creates and sends its clients the following information needed to encrypt and transfer files.
- Hostname / IP Address: Location of the secure FTP server managed by Bank of America.
- Port Number: Port number to connect to the secure FTP server.
- Username: Username of your secure FTP account created by Bank of America.
- Password: Password for your secure FTP account created by Bank of America.
- Directory: Directory that you need to read files from or write files to. For example, you might send payments files to incoming/edirapid or retrieve status reports from the outgoing directory. Pay close attention to your Bank of America email for these details.
- PGP Public Key: A text file containing Bank of America’s public PGP key. This is typically available through their online portal but is also delivered as a zipped email attachment.
Step 2: Install Diplomat MFT
Install Diplomat MFT on a server in your internal network, next to your existing file servers and application servers, such as CashPro Connect. After installation, you will need to assign a service account before starting Diplomat MFT for the first time. The service account is the username and password if a network identity that will be used by Diplomat to access local resources when file transfer jobs are executed.
The service account needs to have privileges that allow it to read files from source locations and write files to destination locations, such as network shared folders. When you complete the installation, you can confirm the network identity is associated with Diplomat by checking the service properties of the Diplomat MFT 64 service under Administrative Tools.
Click above to view a video on how to associate a network identity with Diplomat
Step 3: Import the Bank of America public PGP key
Save the file containing Bank of America’s public key in the C:/ProgramData/Coviant Software/Diplomat-j/keys directory. You can read more on how to use PGP keys.
Open the Diplomat MFT Client which will be used to enter all the settings for your file transfer job.
In the Diplomat Client, select Keys > OpenPGP Keys > Import Public Keys to import Bank of America’s public PGP key. Browse to the file you just saved in the C:/ProgramData/Coviant Software/Diplomat-j/keys directory.
The default Key ID in Diplomat is the User ID from the public key. You can override the default Key Name by typing over the User ID in the Key Name field. Click OK.
View a video on how to import PGP keys into Diplomat >>
Step 4: Create a job to PGP encrypt and send files to Bank of America
Create a new transaction by selecting Transactions > Create Outbound Transaction. Enter the name (label) for this job you would like to see displayed in the left-hand navigation.
In the File Information panel, enter the name of the file that you would like to encrypt, such as *.xml or others. You can use wildcards to select more than one file. Select overwrite, if you want the file encryption job to overwrite existing files on Bank of America’s secure FTP server.
View a video on how to create a new outbound Transaction in Diplomat
Step 5: Set source and destination file transfer parameters
Each Diplomat transaction has a Source Partner Profile and a Destination Partner Profile. In this example, source files are picked up from the local network and written to Bank of America’s secure FTP server.
In the Source Partner Profile panel, select Local Network for Transport Type and enter the location of the file that you would like to pick up (e.g., C:/BankOfAmerica).
In the Destination Partner Profile panel, select SFTP for Transport Type, then enter the login information received from Bank of America. You can change the Transport Type to use either FTPS or SFTP.
Step 6: Enter PGP encryption parameters
In the File Handling panel, check the PGP Encrypt checkbox. Use the drop down to select Bank of America’s key from the list.
If you are encrypting a text file, select ASCII as the source file format. The destination file format is automatically set to Binary.
View a video on how to enter PGP encryption parameters
Step 7: Run a test outbound job
Check that the file encryption and transfer job is set up correctly by selecting the Run Now button in the Job Schedule panel. You can watch the execution of the job in a pop-up window.
View a video on how to set test PGP encryption jobs using Run Now
Step 8: Schedule encryption and file transfer jobs
In the Job Schedule panel, select when you want file transfer jobs to execute. Once the job is scheduled to run automatically, you will not have a pop-up window to view job status. To check job completion status, go to File > Logs and select the log file covering the time when the job ran. Then, filter the log file to find the exact entries for the job that you ran. Also, Diplomat MFT Standard Edition can monitor the local source path for new files so that it becomes a hot folder rather than relying on a schedule, and it can provide email notifications as well as Slack or MS Teams alerts when jobs run. Diplomat MFT Enterprise Edition includes a real-time job monitor and much more.