How to Replace PGP Command Line Tools


If you have batch scripts that execute PGP commands and want a PGP solution that is easier to maintain, you can replace your command line tool in 10 simple steps.

You can minimize the impact of replacing PGP command line tools, like McAfee E-Business Server or Symantec PGP Command Line, by using Diplomat Managed File Transfer Solution. Its intuitive user interface requires no special skills. Rather than entering detailed parameters into each PGP command, you configure a few simple parameters in a Diplomat transaction. When you want to execute the transaction, the only command line parameter needed is a Transaction ID. Or you can automate the process using the flexible and powerful job scheduler.

Here are the 10 steps to replace a PGP command line job that encrypts a file and sends it to a trading partner’s FTP server.

Step 1: Install Diplomat Managed File Transfer Solution.

Install Diplomat MFT Standard Edition in a central location on your network. Since Diplomat MFT can pick up and drop off files throughout your network, you do not need to install it on multiple systems.

During the installation, you will be prompted for a network username and password that will be used by Diplomat MFT when PGP encryption jobs are executed.


The network identity needs to have privileges that allow it to read files from source locations and write files to destination locations. When you complete the installation, you can confirm the network identity is associated with Diplomat MFT by checking the service properties of the Diplomat MFT 64 service under Administrative Tools.



Step 2: Import your PGP keys.

First, open the Diplomat MFT Client, which will be used to enter all the settings for your PGP encryption job.






In the Diplomat Client, select Keys > OpenPGP Keys > Public Keys to import your trading partners’ public keys. Now is a good time to prune any unused keys. When the keys in your key ring are displayed, uncheck any keys that you do not want to import. The default Key ID in Diplomat is the User ID from the public key. You can override the default Key Name by typing over the User ID in the Key Name field. Click OK.

To import your private PGP keys, select Keys > OpenPGP Keys > Import Private Key Pairs. Your private keys will be displayed. You will need to enter the passphrases for each key that you want to import. Again, the default Key ID in Diplomat is the User ID in the key, which you can override if desired. Click OK.



Step 3: Create an outbound transaction.

In the Diplomat Client, create a new transaction by selecting Transactions > Create Outbound Transaction. Enter the Transaction ID you would like to see displayed in the left-hand navigation.

In the File Information panel, enter the name of the file that you would like to encrypt. You can use wildcards to select more than one file. Select overwrite if you want the file encryption job to overwrite existing files.



Step 4: Set source and destination file transfer parameters.

Each Diplomat transaction has a Source Partner Profile and a Destination Partner Profile. In our example, source files are picked up from the local network and written to an FTP server.

In the Source Partner Profile panel, select the location of the file that you would like to pick up. In this case, the files are located in a directory on the C:\ drive. In the Destination Partner Profile panel, select the location where the encrypted file will be written.




Step 5: Enter PGP encryption parameters.


In the File Handling panel, you have checkboxes to PGP encrypt, sign, add ASCII-armoring, compress and convert to canonical text. Check the ones you want to apply for this file encryption job. Use the drop-down to select the encryption key from the list.

To also encrypt to your own private PGP key pair, select your encryption key from the list in the Additional OpenPGP Encryption Keys field.

If you are encrypting a text file, select ASCII as the source file format. The destination file format is automatically set to Binary.



Step 6: Run a test PGP encryption job.

Check that the file encryption job is set up correctly by selecting the Run Now button in the Job Schedule panel. You can watch the execution of the job in a pop-up window.
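A check you can run on the file the test job produced, as an added example that is not part of Diplomat MFT or this tutorial: it reads the recipient key IDs from an OpenPGP message so you can confirm it was encrypted to the partner key and to any additional key selected in Step 5. It assumes binary (not ASCII-armored) output and version 3 session-key packets; the key IDs and sample bytes are constructed.

```python
PKESK, SKESK = 1, 3   # session-key packets that precede the encrypted data

def read_header(data, pos):
    """Return (tag, body_start, body_len); body_len is None if not fixed."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet (ASCII-armored file?)")
    if first & 0x40:                                  # new-format header
        tag, o1 = first & 0x3F, data[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + data[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(data[pos + 2:pos + 6], "big")
        return tag, pos + 2, None                     # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:
        return tag, pos + 1, None                     # indeterminate length
    size = (1, 2, 4)[ltype]
    return tag, pos + 1 + size, int.from_bytes(data[pos + 1:pos + 1 + size], "big")

def recipient_key_ids(data):
    """Key IDs (hex) named in the public-key session-key packets of a message."""
    ids, pos = [], 0
    while pos < len(data):
        tag, start, length = read_header(data, pos)
        if tag not in (PKESK, SKESK) or length is None:
            break                                     # encrypted data packet reached
        if tag == PKESK and data[start] == 3:         # version 3: 8-byte key ID follows
            ids.append(data[start + 1:start + 9].hex().upper())
        pos = start + length
    return ids

def missing_recipients(data, expected_ids):
    """Expected key IDs the message is not encrypted to."""
    found = set(recipient_key_ids(data))
    return [k for k in expected_ids if k.upper() not in found]

# Constructed sample: two session-key packets, then the start of a data packet.
def _pkesk(key_id_hex, new_format):
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + b"\x00\x08\xff"
    header = bytes([0xC1, len(body)]) if new_format else bytes([0x84, len(body)])
    return header + body

PARTNER, OWN = "1111222233334444", "AAAABBBBCCCCDDDD"   # made-up key IDs
SAMPLE = _pkesk(PARTNER, False) + _pkesk(OWN, True) + b"\xd2\x05\x01\x00\x00\x00\x00"

if __name__ == "__main__":
    print(recipient_key_ids(SAMPLE), missing_recipients(SAMPLE, [PARTNER, OWN]))
```

Pass in the bytes of the encrypted file written to the destination. The IDs reported are those of the encryption keys or subkeys, which can differ from the primary key ID shown in a key listing.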






Once you schedule the file encryption job to run automatically, you will not have a pop-up window to view job status. To receive job status email, you must set up an email account for sending notifications under Settings > Global > Email Notifications. Use the Test button on the Email Notifications screen to ensure your email settings are correct.

Under Settings > Global > IT Support Email Notifications, enter addresses to receive job status email. IT Support emails contain a summary similar to the content in the Run Now window, as well as detailed log entries for the job.


Step 7: Set to use 3rd party scheduling.

In the Job Schedule panel, check Use 3rd Party Scheduling.

At the bottom of the transaction screen, click Validate to ensure the transaction does not have any errors.

Click Save.



Step 8: Test that the PGP encryption job can be executed at the command line.

Use the Diplomat Scripting Agent to run the file encryption job by opening a command window and executing a batch file containing the Scripting Agent call to start the PGP encryption job. Click here for a detailed FAQ on the Diplomat Scripting Agent.

You can confirm that the job ran successfully by checking email.



Step 9: Replace each PGP command.

After you are certain that the file encryption job is set up correctly, you can replace the existing PGP command with a Diplomat command.



Step 10: Updates to file transfer jobs.

Updates to file encryption jobs are always made using the Diplomat Client. Once you have replaced your PGP commands with Diplomat commands, you will not need to make any further changes to your PGP scripts. Changes like updating your partner’s public key or changing passwords or email addresses would all be handled within the Diplomat Client.