MFT Resource Center

PGP Encryption

PGP, which stands for Pretty Good Privacy, is one of the most popular methods for signing and encrypting files. Created in the 1990s, PGP is currently owned by the security software company Symantec. Financial institutions, healthcare organizations and other highly regulated industries all use all use PGP to safeguard their most sensitive files.

What is Open PGP?

Open PGP is the open-source standard that allows PGP to be widely used in software. Many tools and solutions support and leverage Open PGP encryption technology.

Vendors who want to include Open PGP in their solutions must follow IETF (Internet Engineering Task Force) standards and provide strong interoperability with Open PGP-compliant software vendors. Its interoperability has made Open PGP a widespread form of encryption, and ArcESB also supports Open PGP. The advantage is it makes it easier for your partners and tools to interface with you through ArcESB to receive and decrypt messages encrypted using Open PGP.

In contrast, while the official PGP is interoperable, it is only provided in one implementation, from Symantec.

Open PGP vs. GPG

GPG stands for GNU Privacy Guard and is a specific Open PGP implementation. GPG provides tools and libraries that allow users to use a GUI or command line to integrate encryption with emails and operating systems, such as Linux. The functionally of both of Open PGP and PGP are virtually identical, and they can open and decrypt each other's files.

How does Open PGP Encryption Work

Open PGP can sign, encrypt, or sign & encrypt. You can use PGP to encrypt both data in motion and data at rest in a database or another data storage solution. Open PGP works with any type of data, such as video, plain text files, and CSV.

Encryption

Encryption is performed through the use of a key pair. The public key may be published or sent to the recipient. The private key is known only to the recipient, who will decrypt the key. The public key is used to encrypt the message or the file and the private key to decrypt it.

Open PGP gives you a choice of encryption algorithms that include:

  • AES128 (most common)
  • AES192
  • AES256
  • BLOWFISH
  • CAST5
  • IDEA
  • TWOFISH
  • 3DES, or TripleDES

Open PGP also enables you to choose the ASCII Armor option for encoding. ASCII Armor is an optional packaging mechanism that Open PGP offers to encode encrypted data in ASCII characters. This is often used and very useful for sending files when binary data is not allowed (such as email or when posting online).

Signing

Open PGP also provides digital signatures to authenticate data and ensure that the message was sent by the person or entity who says they sent it. It can be used for non-repudiation, to detect whether the message was altered after it was signed.

Using Open PGP, the party sending the message creates a digital signature for the message. A digital signature is created by first computing a hash over the message and then signing that hash using the sender's private key. If the signed messages is modified, the signature verification will fail on the receiver's side.

Signing is most useful when sending files to other entities, or trading partners. It's not typically used for storing files on an in-house server.

Available hash algorithms for signing include:

  • SHA256 (most common)
  • SHA384
  • SHA512
  • SHA224
  • SHA1
  • RIPEMD160

Compression

PGP also optionally performs compression on files using compression methods that include:

  • bzip2
  • zip (most common)
  • zlib

How ArcESB Supports Open PGP Encryption

ArcESB is an MFT solution that gives you the flexibility to choose the way you send files. If you choose to move files via a protocol such as FTP, which does not natively provide encryption, you can leverage ArcESB to add PGP encryption. ArcESB makes it easy to manage keys and automate the entire PGP encryption and decryption process.