You can configure EFT Server’s OpenPGP Event Rule Action to encrypt, sign, and decrypt files, including files larger than 2GB. The OpenPGP Action is available with Server Events (the On Timer and On Rotate Log events), certain File System Events (File Upload, File Move, and File Rename), and a User Event (User Logout). To use this Action, the Site must be configured for OpenPGP and the appropriate PGP keys must be generated.
When OpenPGP is used with a Folder Monitor Rule, OpenPGP operations will result in the creation of new files that will trigger the Folder Monitor Rule a second time. Although EFT Server provides an implicit filter that will ignore .pgp, .sig, .asc or .gpg file extensions for encrypt operations, you should still add an Event Rule Condition that provides an explicit exclusion next to the “If File Change does equal to added” Condition that is created by default when the Folder Monitor Rule is first created.
One limitation is that you cannot "Encrypt and Sign" and then "Verify Only"; that will fail. The scenarios below are valid:
PGP Source | PGP Receiver
Encrypt+Sign | Decrypt+Verify
Encrypt+Sign | Decrypt
Sign Only | Verify Only
To set up EFT Server to use OpenPGP for particular Event Rules
Follow the procedure in Creating Event Rules or select the Rule to which you want to add the Action.
In the right pane, in the Actions list, double-click OpenPGP Encrypt, Encrypt + Sign, Decrypt. The Action appears in the Event in the Rule Builder pane.
In the Rule Builder pane, select either of the underlined elements (links). The OpenPGP Action dialog box appears.
Specify the OpenPGP operation (Encrypt, Encrypt and Sign, Sign Only, Self-Decrypting Archive (SDA), Decrypt, Decrypt and Verify Signature, Verify Signature Only).
The options that appear in the dialog box depend on what you select in the OpenPGP operation box:
If you designated a default key for the Site, that key is displayed in the Encrypt or decrypt using (right) pane. If there is no default key, the right pane will be blank. Use the arrow icons to add or remove keys between the Your keyring pane and the Encrypt or decrypt using pane, or double-click the key in the list.
To encrypt a single file so that multiple recipients can decrypt it, add each intended recipient's key to the Encrypt or decrypt using (right) pane. This saves you from having to create multiple copies of a file and then encrypt and manage each copy separately for each intended recipient. Example Use Cases:
To specify ASCII-Armored output, select the check box.
Select the Enable compression check box, then click the down arrow to specify a level of compression, from 1 (least compression, fastest) to 9 (max compression, slowest). The default is 6 (medium compression).
In the Output To box, click the down arrow to specify an option: Output signature to target file (.pgp), Output signature to target file ASCII armored (*.asc), Output signature to separate file (*.sig), Output signature to separate file ASCII armored (*.asc).
In the Signing key box, click the down arrow to specify the signing key.
In the Signing hash box, click the down arrow to specify a hash: Use default (MD5 or SHA-256), MD5, SHA-1, RIPEMD160, SHA-256, SHA-384, or SHA-512.
In the File to process box, specify the file or folder to process. The default target file is selected. Alternatively, click a variable to add it to the File to process box or use actual file/folder names. Use the folder icon to browse to a file or folder.
Click OK to close the dialog box and apply the parameters.
Click Apply to save the changes on EFT Server.
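The Signing hash list in the procedure above still offers MD5 and SHA-1, and the default may resolve to MD5. As an added example (not part of the original page or of EFT Server), the following Python code reads a detached signature file (*.sig, or ASCII-armored *.asc) and reports the hash algorithm recorded in each signature packet, following the RFC 4880 packet layout. The function names, the WEAK policy set and the sample bytes are assumptions constructed for illustration.

```python
import base64

HASH_NAMES = {1: "MD5", 2: "SHA-1", 3: "RIPEMD160", 8: "SHA-256",  # RFC 4880, 9.4
              9: "SHA-384", 10: "SHA-512", 11: "SHA-224"}
WEAK = {"MD5", "SHA-1"}  # assumed local policy, not an EFT Server setting

def dearmor(data):  # return binary packets, decoding ASCII armor if present
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data
    lines = [ln.strip() for ln in data.strip().splitlines()]
    body = lines[lines.index(b"") + 1:-1]  # skip armor headers and END line
    return base64.b64decode(b"".join(ln for ln in body if not ln.startswith(b"=")))

def read_header(buf, pos):
    """Parse one packet header; return (tag, body_length, body_start)."""
    hdr = buf[pos]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if not hdr & 0x40:  # old format: low 2 bits give the length field size
        if hdr & 3 == 3:
            raise ValueError("indeterminate length not handled")
        end = pos + 1 + (1 << (hdr & 3))
        return (hdr >> 2) & 0x0F, int.from_bytes(buf[pos + 1:end], "big"), end
    first = buf[pos + 1]  # new format: tag in low 6 bits, variable length
    if first < 192:
        return hdr & 0x3F, first, pos + 2
    if first < 224:
        return hdr & 0x3F, ((first - 192) << 8) + buf[pos + 2] + 192, pos + 3
    if first == 255:
        return hdr & 0x3F, int.from_bytes(buf[pos + 2:pos + 6], "big"), pos + 6
    raise ValueError("partial body length not handled")

def signature_hashes(data):
    """Name the hash algorithm of every signature packet (tag 2) in data."""
    buf, pos, found = dearmor(data), 0, []
    while pos < len(buf):
        tag, length, start = read_header(buf, pos)
        body = buf[start:start + length]
        if tag == 2:
            algo = body[16] if body[0] == 3 else body[3]  # v3 layout, else v4+
            found.append(HASH_NAMES.get(algo, f"unknown({algo})"))
        pos = start + length
    return found

def weak_signatures(data):  # hashes in the file that fall under the WEAK policy
    return [name for name in signature_hashes(data) if name in WEAK]
# Constructed samples (truncated packets, not valid signatures).
SAMPLE_MD5 = bytes([0x88, 10, 4, 0, 1, 1, 0, 0, 0, 0, 0xAB, 0xCD])     # old format
SAMPLE_SHA256 = bytes([0xC2, 10, 4, 0, 1, 8, 0, 0, 0, 0, 0xAB, 0xCD])  # new format
```

Signatures written into the target file (.pgp) sit inside a larger message that is often compressed or encrypted, so this reader covers only the separate-file output options.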