PGP Tutorial: How to Replace a PGP Command Line Tool
If you have batch scripts that execute PGP commands and want a PGP solution that is easier to maintain, you can replace your command line tool in 10 simple steps.
You can minimize the impact of replacing PGP command line tools, like McAfee E-Business Server or Symantec PGP Command Line, by using Diplomat Managed File Transfer Solution. Its intuitive user interface requires no special skills. Rather than entering detailed parameters into each PGP command, you configure a few simple parameters in a Diplomat transaction. When you want to execute the transaction, the only command line parameter needed is a Transaction ID. Or you can automate the process using the flexible and powerful job scheduler.
Here are the 10 steps to replace a PGP command line job that encrypts a file and sends it to a trading partner’s FTP server.
Step 1: Install Diplomat Managed File Transfer Solution.
Install Diplomat MFT Standard Edition in a central location on your network. Since Diplomat MFT can pick up and drop off files throughout your network, you do not need to install it on multiple systems.
During the installation, you will be prompted for a network username and password that will be used by Diplomat MFT when PGP encryption jobs are executed.
The network identity needs to have privileges that allow it to read files from source locations and write files to destination locations. When you complete the installation, you can confirm the network identity is associated with Diplomat MFT by checking the service properties of the Diplomat MFT 64 service under Administrative Tools.
Step 2: Import your PGP keys.
First, open the Diplomat MFT Client, which will be used to enter all the settings for your PGP encryption job.
In the Diplomat Client, select Keys > OpenPGP Keys > Public Keys to import your trading partners’ public keys. Now is a good time to prune any unused keys. When the keys in your key ring are displayed, uncheck any keys that you do not want to import. The default Key ID in Diplomat is the User ID from the public key. You can override the default Key Name by typing over the User ID in the Key Name field. Click OK.
To import your private PGP keys, select Keys > OpenPGP Keys > Import Private Key Pairs. Your private keys will be displayed. You will need to enter the passphrases for each key that you want to import. Again, the default Key ID in Diplomat is the User ID in the key, which you can override if desired. Click OK.
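For the pruning suggested in Step 2, the following added example (not part of the original tutorial or of Diplomat MFT) reviews a keyring listing and flags public keys that can no longer be used for encryption. It assumes the existing keyring can be listed with GnuPG (`gpg --list-keys --with-colons`); the sample listing and the function names are constructed for illustration.

```python
import time

# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAA1:1600000000:::u:::scESC:
uid:u::::1600000000::UIDHASH1::Partner One <ops@partner-one.example>:
sub:u:4096:1:BBBBBBBBBBBBBBB1:1600000000::::::e:
pub:e:2048:1:AAAAAAAAAAAAAAA2:1400000000:1500000000::-:::sc:
uid:e::::1400000000::UIDHASH2::Old Partner <ops@old-partner.example>:
pub:r:2048:1:AAAAAAAAAAAAAAA3:1450000000:::-:::sc:
uid:r::::1450000000::UIDHASH3::Former Vendor <pgp@former-vendor.example>:
pub:-:3072:1:AAAAAAAAAAAAAAA4:1650000000:::-:::scSC:
uid:-::::1650000000::UIDHASH4::Signing Only <sign@partner-two.example>:
"""

# Field 2 of a record is the validity flag assigned by GnuPG.
VALIDITY_REASONS = {"e": "expired", "r": "revoked", "i": "invalid", "d": "disabled"}

def field(rec, idx):
    """Return a colon-separated field, or '' when the record is short."""
    return rec[idx] if len(rec) > idx else ""

def review_keyring(colon_output, now=None):
    """Map each primary key ID to its first user ID and the reasons to prune it."""
    now = int(time.time()) if now is None else now
    keys, current = {}, None
    for line in colon_output.splitlines():
        rec = line.split(":")
        if rec[0] == "pub":
            reasons = []
            if field(rec, 1) in VALIDITY_REASONS:
                reasons.append(VALIDITY_REASONS[field(rec, 1)])
            expires = field(rec, 6)  # seconds since epoch, empty if no expiry
            if expires.isdigit() and int(expires) < now and "expired" not in reasons:
                reasons.append("expired")
            caps = field(rec, 11)  # uppercase letters: usable for the whole key
            if "D" in caps and "disabled" not in reasons:
                reasons.append("disabled")
            if "E" not in caps:
                reasons.append("no usable encryption capability")
            current = {"uid": "", "reasons": reasons}
            keys[field(rec, 4)] = current
        elif rec[0] == "uid" and current is not None and not current["uid"]:
            current["uid"] = field(rec, 9)  # user ID as listed (gpg escapes ':')
    return keys

def prune_candidates(colon_output, now=None):
    """Return only the keys that have at least one reason to leave them out."""
    return {k: v for k, v in review_keyring(colon_output, now).items() if v["reasons"]}
```

Keys returned by `prune_candidates` are the ones to consider unchecking in the import dialog; a key with no flagged reason may still be unused, which only your list of active trading partners can tell you.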
Step 3: Create an outbound transaction.
In the File Information panel, enter the name of the file that you would like to encrypt. You can use wildcards to select more than one file. Select overwrite, if you want the file encryption job to overwrite existing files.
Step 4: Set source and destination file transfer parameters.
In the Source Partner Profile panel, select the location of the file that you would like to pick up. In this case, the files are located in a directory on the C:\ drive. In the Destination Partner Profile panel, select the location where the encrypted file will be written.
Step 5: Enter PGP encryption parameters.
In the File Handling panel, you have checkboxes to PGP encrypt, sign, add ASCII-armoring, compress and convert to canonical text. Check the ones you want to apply for this file encryption job. Use the drop-down to select the encryption key from the list.
To also encrypt to your own private PGP key pair, select your encryption key from the list in the Additional OpenPGP Encryption Keys field.
If you are encrypting a text file, select ASCII as the source file format. The destination file format is automatically set to Binary.
Step 6: Run a test PGP encryption job.
Once you schedule the file encryption job to run automatically, you will not have a pop-up window to view job status. To receive job status email, you must set up an email account for sending notifications under Settings > Global > Email Notifications. Use the Test button on the Email Notifications screen to ensure your email settings are correct.
Under Settings > Global > IT Support Email Notifications, enter addresses to receive job status email. IT Support emails contain a summary similar to the content in the Run Now window, as well as detailed log entries for the job.
Step 7: Set to use 3rd party scheduling.
At the bottom of the transaction screen, click Validate to ensure the transaction does not have any errors.
Step 8: Test that the PGP encryption job can be executed at the command line.
Open a command window and execute a batch file containing the Diplomat Scripting Agent call that starts the PGP encryption job. See the detailed FAQ on the Diplomat Scripting Agent for more information.
You can confirm that the job ran successfully by checking email.
Step 9: Replace each PGP command.
After you are certain that the file encryption job is set up correctly, you can replace the existing PGP command with a Diplomat command.
Step 10: Updates to file transfer jobs.
Updates to file encryption jobs are always made using the Diplomat Client. Once you have replaced your PGP commands with Diplomat commands, you will not need to make any further changes to your PGP scripts. Changes such as updating your partner’s public key or changing passwords or email addresses would all be handled within the Diplomat Client.