OpenPGP keys, often referred to as “PGP” keys, are used to encrypt and sign outbound files and to decrypt and verify inbound files.
PGP encryption protects the contents of a file. PGP signatures verify the authenticity of the file’s sender and provides non-repudiation, which prevents the sender from claiming that he or she did not actually send the file.
OpenPGP keys are created as private key pairs, which must be kept secret and never distributed. The public portion of an OpenPGP key pair can be exported to a file to be sent to trading partners. When you establish a relationship with a trading partner, you send each other only OpenPGP public keys.
When you send an encrypted and signed file to your trading partner, you encrypt the file with your trading partner’s public key and sign it with your private key pair. You can automate jobs to encrypt and sign files to be sent to your trading partners for free using Diplomat OpenPGP Community Edition.
When you receive an encrypted and signed file from your trading partner, you decrypt the file with your private key pair and verify the signature with your trading partner’s OpenPGP public key. Diplomat OpenPGP Community Edition also lets you automate decryption and verification of files that you receive from your trading partners.