SFTP – PGP Encryption Process

PGP (Pretty Good Privacy) encryption is a method for securing email communications and files. It combines symmetric-key and asymmetric-key cryptography to provide privacy and authentication. Here’s a basic rundown:

  1. Asymmetric Encryption: PGP uses a pair of keys—a public key and a private key. The public key encrypts the data, and only the corresponding private key can decrypt it. This ensures that only the intended recipient can read the message.
  2. Symmetric Encryption: For encrypting the actual data, PGP uses a symmetric-key algorithm (like AES). Symmetric encryption is faster than asymmetric encryption, so PGP encrypts the message with a symmetric key and then encrypts that symmetric key with the recipient’s public key.
  3. Digital Signatures: PGP also allows users to digitally sign their messages. This involves creating a message hash and encrypting it with the sender’s private key. The recipient can decrypt this hash with the sender’s public key and compare it with a newly generated message hash to verify its integrity and authenticity.

PGP is widely used for secure communication and data encryption, providing a robust level of security for various types of digital communication.

Source – Pretty Good Privacy

PGP Encryption Implementation at Dash

Dash sFTP batch files are used for card order and card register processing. These files contain card specifications and other related information. Such details may be confidential for some clients, in which case they request PGP encryption for their files. The Dash admin team handles the PGP request and its implementation. Once PGP is enabled for a customer, they are provided with a public client key (Client_PublicKey) that can be used to decrypt the return files at the client end. The steps for uploading and processing a batch file with PGP are as follows:

PGP Encryption at Dash

  1. PGP requires a public key for encryption and a private key for decryption. These are generated using the Kleopatra tool. After the client requests PGP encryption, the Dash admin generates the public and private key pair. The private key is made available to the client for decryption.
  2. The rest of the batch file upload process is the same as the normal sFTP file upload. Refer to this page for details.
  3. Once the file is uploaded, its file name is suffixed with the “.pgp” extension, indicating that it is encrypted.
  4. The file is then uploaded to FIS, and after processing, the file name is prefixed with _completed or _failure, depending on the result.
  5. The client then needs to enter the client private key to decrypt the return file.