wigmeister


PGP advice for beginner

I will be sending files to a company via ftp.  One of the requirements they have is to use PGP encryption.  I am new to PGP and encryption in general.

My understanding is that I will encrypt the file using pgp and they will decrypt the file with pgp when they receive it on their end.  How do I create the key and then share that with them so they can decrypt the file?  I've noticed in the documentation several references to the PGP Global Directory.  Are the keys stored there and referenced by email address or some other means for sharing?  I will also be receiving files from them that will have to be decrypted.

What PGP product will I need to accomplish encrypting of files?  I will not be using it for email or any other purpose other than to encrypt/decrypt and ftp files from our server to theirs and vice-versa.  I would like to automate this process, either through foxpro, which I use to create the files, or through DOS.  I have signed up for the free trial of Desktop to try to learn more about PGP before the company purchases it.

Any advice/suggestions/references are greatly appreciated.
Pavel Celba

Start here http://en.wikipedia.org/wiki/Pretty_Good_Privacy
and then you may continue here http://www.example-code.com/foxpro/encryption.asp

Each good commercial software package should come with a development library to allow its incorporation into in-house applications. Your app should simply call some public DLL interface to encrypt/decrypt the file.

I believe you'll receive a better answer in the meantime.
ASKER CERTIFIED SOLUTION
Dave Howe

This solution is only available to members.
jrbbldr

I have used both PGP and GPG (the equally compatible free version) and echo Dave's suggestion above.

The PGP Desktop takes over the user's PC even if it is configured not to do so.
GPG4Win is MUCH cleaner and easy to use.

Good Luck

I would say each good encryption requires two encryption steps - the first one with your private key and the second with the public key of the recipient. The recipient then uses his private key and your public key to decrypt the file/message. This scenario will minimize the possibility of unwanted decrypting by an unauthorised person and verifies the sender.

If you are sending files inside one company then sufficient could be just one step encryption as described by DaveHowe.
wigmeister

ASKER

So I can use GPG on my end with them using PGP on their end and it will work properly without them knowing the difference?  

The statement jrbbldr made about taking over the machine concerns me. One of my worries is that pgp may encrypt emails, drives, etc. on the server it is installed on, which I definitely do not want. Right now I'm doing my testing from my laptop on the network to figure out how to use pgp (or gpg), but it will be put on a server once my testing is done.

Should I have any other areas of concern, things to keep in mind?
pcelba: oddly enough, that's usually built in as sign-and-encrypt - and is fine for a manual process, but less suited to an automated (scripted) one due to password management issues.

wigmeister: yes, you can encrypt with gpg, and they can decrypt with pgp (or vice versa) - but it's entirely possible when they *say* pgp they actually mean they are using gpg - it's easier, cleaner, and significantly cheaper.

the additional functionality of pgp desktop doesn't actually take effect unless you select it - and to be honest, there is much additional functionality in gpg4win too (you don't actually need the whole of gpg4win, it's just a convenient installer and comes with gui tools to set up and maintain keys)

pgp enterprise is designed for centralized control though, so can be more intrusive - but I doubt you would buy that anyhow :)

given the (lack of) cost, I would suggest you just get the public key from your correspondent, and try it  :)
PGP Desktop will not automatically encrypt your emails, but it does indeed get its "tentacles" into my email client.

If I disable the PGP Desktop Service, my email client will not work properly despite the fact that it is configured to NOT work on my email.   As long as the Service is enabled, things work OK.

As I mentioned above, if I could do it again I'd steer away from PGP (the Official version) and lean towards GPG.   As it is now I cannot even uninstall PGP without it causing problems with my email client.

Good Luck

yeah, the gpg4win outlook plugin is much better behaved than the one from pgp desktop.
Thanks.  It was a big help.
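
The unattended workflow discussed in this thread, as an added example that is not from any poster here: a Windows batch script that encrypts outbound files to the partner's public key with GnuPG and decrypts inbound ones. The paths, file names, the all-zero fingerprint and the passphrase-file arrangement are assumptions to be replaced with your own values.

```batch
@echo off
setlocal
rem Added example: unattended GnuPG encrypt/decrypt for an FTP file exchange.
rem Every path, file name and the fingerprint below is a placeholder.

rem Dedicated keyring, so nothing else on the server touches these keys.
set "GNUPGHOME=C:\pgp-transfer\keyring"
rem Full 40-character fingerprint of the partner's public key (placeholder).
set "PARTNER_FPR=0000000000000000000000000000000000000000"
set "OUT_FILE=C:\pgp-transfer\outbound\export.csv"
set "IN_FILE=C:\pgp-transfer\inbound\reply.csv.pgp"
rem Assumption: this file is readable only by the account running the job.
set "PASSFILE=C:\pgp-transfer\secret\passphrase.txt"

rem One-time setup, done by hand and not from the scheduler:
rem   gpg --import partner_public_key.asc
rem   gpg --fingerprint
rem Confirm the printed fingerprint with the partner over another channel,
rem then put it in PARTNER_FPR above.

rem Outbound: encrypt to the partner's public key. No passphrase is needed,
rem because only their private key can decrypt the result.
rem --trust-model always stops batch mode from rejecting a key that was never
rem marked trusted; naming the recipient by full fingerprint is what pins the
rem output to the key that was verified by hand.
gpg --batch --yes --trust-model always --recipient %PARTNER_FPR% ^
    --output "%OUT_FILE%.pgp" --encrypt "%OUT_FILE%"
if errorlevel 1 (
    echo Encryption failed, not uploading "%OUT_FILE%" 1>&2
    exit /b 1
)
rem Upload only "%OUT_FILE%.pgp"; the plaintext stays on this machine.

rem Inbound: decrypt a file the partner encrypted to our public key.
rem Our private key is passphrase-protected, so an unattended job has to get
rem the passphrase from somewhere; here it is read from PASSFILE.
if exist "%IN_FILE%" (
    gpg --batch --yes --pinentry-mode loopback --passphrase-file "%PASSFILE%" ^
        --output "%IN_FILE:~0,-4%" --decrypt "%IN_FILE%"
    if errorlevel 1 (
        echo Decryption failed for "%IN_FILE%" 1>&2
        exit /b 1
    )
)
endlocal
```

The script deliberately does not sign outbound files: signing would need the private-key passphrase on every send, which is the password-management issue raised above for scripted use.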