PGP advice for beginner

I will be sending files to a company via ftp.  One of the requirements they have is to use PGP encryption.  I am new to PGP and encryption in general.

My understanding is that I will encrypt the file using pgp and they will decrypt the file with pgp when they receive it on their end.  How do I create the key and then share that with them so they can decrypt the file?  I've noticed in the documentation several references to the PGP Global Directory.  Are the keys stored there and referenced by email address or some other means for sharing?  I will also be receiving files from them that will have to be decrypted.

What PGP product will I need to accomplish encrypting of files?  I will not be using it for email or any other purpose other than to encrypt/decrypt and ftp files from our server to theirs and vice-versa.  I would like to automate this process, either through foxpro, which I use to create the files, or through DOS.  I have signed up for the free trial of Desktop to try to learn more about PGP before the company purchases it.

Any advice/suggestions/references are greatly appreciated.
LVL 4
wigmeisterAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pcelbaCommented:
Start here http://en.wikipedia.org/wiki/Pretty_Good_Privacy
and then you may continue here http://www.example-code.com/foxpro/encryption.asp

Each good commercial software should come together with development library to allow its incorporation to inhouse applications. Your app should simply call some public DLL interface to encrypt/decrypt the file.

I believe you'll receive better answer in the meantime.
0
Dave HoweSoftware and Hardware EngineerCommented:
you don't create the key then share it with them - they create the key and share it with you.

each key has two parts - a private key and a public key. the public key should be sent to you, as you will need it to encrypt the files sent to them.

use the free product gpg (www.gpg4win.org) instead of pgp - its easier to automate, and significantly cheaper. both that and pgp desktop use the exact same encryption method.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jrbbldrCommented:
I have used both PGP and GPG (the equally compatible free version) and echo Dave's suggestion above.

The PGP Desktop takes over the user's PC even if it is configured not to do so.
GPG4Win is MUCH cleaner and easy to use.

Good Luck

0
CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

pcelbaCommented:
I would say each good encryption requires two encryption steps - the first one with your private key and the second with public key of the recipient. The recipient then uses his private key and your public key to decrypt the file/message. This scenario will minimize the possibility of unvanted decrypting by unauthorised person and verifies the sender.

If you are sending files inside one company then sufficient could be just one step encryption as described by DaveHowe.
0
wigmeisterAuthor Commented:
So I can use GPG on my end with them using PGP on their end and it will work properly without them knowing the difference?  

The statement jrbbldr made about taking over the machine concerns me.  That is one of my worries is that pgp may encrypt emails, drives, etc on the server it is installed on, which I definitely do not want.  Right now I'm doing my testing from my laptop on the network to figure out how to use pgp (or gpg), but it will be put on a server once my testing is done.  

Should I have any other areas of concern, things to keep in mind?
0
Dave HoweSoftware and Hardware EngineerCommented:
pcelba: oddly enough, that's usually built in as sign-and-encrypt - and is fine for a manual process, but less suited to an automated (scripted) one due to password management issues.

wigmeister: yes, you can encrypt with gpg, and they can decrypt with pgp (or vice versa) - but its entirely possible when they *say* pgp they actually mean they are using gpg - its easier, cleaner, and significantly cheaper.

the additional functionality of pgp desktop doesn't actually take effect unless you select it - and to be honest, there is much additional functionality in gpg4win too (you don't actually need the whole of gpg4win, its just a convenient installer and comes with gui tools to set up and maintain keys)

pgp enterprise is designed for centralized control though, so can be more intrusive - but I doubt you would buy that anyhow :)

given the (lack of) cost, I would suggest you just get the public key from your correspondent, and try it  :)
0
jrbbldrCommented:
PGP Desktop will not automatically encrypt your emails, but it does indeed get its "tentacles" into my email client.

If I disable the PGP Desktop Service, my email client will not work properly despite the fact that it is configured to NOT work on my email.   As long as the Service is enabled, things work OK.

As I mentioned above, if I could do it again I'd steer away from PGP (the Official version) and lean towards GPG.   As it is now I cannot even uninstall PGP without it causing problems with my email client.

Good Luck

0
Dave HoweSoftware and Hardware EngineerCommented:
yeah, the gpg4win outlook plugin is much better behaved than the one from pgp desktop.
0
wigmeisterAuthor Commented:
Thanks.  It was a big help.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Protocols

From novice to tech pro — start learning today.