PGP Command Line Questions

Created: 13 Mar 2012 | 1 comment
Optimus Prime

A few questions about PGP Command Line, because we are planning to use it to protect files to be sent either internally or externally via FTP. This is to protect the files on FTP servers. Please see the questions below:

1. Is the following sequence correct:

a. If we have 5 FTP servers, does it mean that we need 5 keypairs?
b. Will we install five copies of Command Line on the 5 FTP servers that we have?
c. Should the FTP server of the recipient also have Command Line installed?
d. Do we also need to create a keypair for the recipient FTP server?
e. Will we be using Command Line every time we need to encrypt a single file or multiple files, or is a 3rd party script/application needed?
f. After encrypting the file, will we send it manually, or can Command Line do it automatically (is this an option, or can this be done using Command Line)?

Sorry, just need clarifications. Thanks

1 Comment

dfinkelstein


(a) A PGP key is a binding of an identity (a UserID) with an asymmetric key.  You can use the same key on multiple machines.  If it is important to distinguish between the different machines (i.e. each machine needs to have a different identity) then you will want 5 different keys.

(b) If you want to encrypt and decrypt files on 5 ftp servers, you will need to install and license 5 copies of PGP Command Line.

(c) If you are encrypting to a recipient, the recipient will need some way to do the decryption.  There are several ways you can accomplish this.  First, they could have their own copy of PGP Command Line.  Second, they could use PGP Desktop or some other PGP product to do the decryption.  (In both of these cases, they should have their own PGP key.)  Third, you can create what is known as a "Self Decrypting Archive" (SDA).  This is an executable program that prompts for a passphrase and produces the decrypted file as output.  With this last option, the recipient does not require any PGP software.  PGP Command Line can create an SDA for Windows, OSX, Linux, Solaris SPARC, AIX, and HP-UX.

(d) Your recipient should have a PGP key (unless you are doing SDAs).  If you are sending the files internally, you could use the same key for the sender and recipient.  If you are not also the recipient, you should not share your private key with them -- they should have their own key.

(e) I'm not sure I understand this question.  PGP Command Line should be invoked each time you want to encrypt or decrypt a file (or set of files).  PGP Command Line does not currently provide any workflow.

(f)  PGP Command Line does not currently provide any file transfer built in.  You could write your own script to take an input file, encrypt it with PGP Command Line, and send it to the recipient.



David Finkelstein

Symantec R&D
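
The wrapper script described in (f), as an added example that is not part of the original reply and is not Symantec's code. It assumes the `pgp --encrypt`, `--recipient` and `--output` options (confirm them against your installed PGP Command Line version) and a curl client with FTP credentials in `~/.netrc`; `PGP_BIN`, `CURL_BIN` and `encrypt_and_send` are hypothetical names.

```shell
#!/bin/sh
# Added example: encrypt with PGP Command Line, then upload only the ciphertext.
# PGP_BIN / CURL_BIN are hypothetical overrides for the two binaries.
PGP_BIN="${PGP_BIN:-pgp}"
CURL_BIN="${CURL_BIN:-curl}"

# encrypt_and_send <file> <recipient-user-id> <ftp-url-ending-in-slash>
# Exit codes: 0 sent, 2 no input, 3 no temp dir, 4 encrypt failed,
#             5 no ciphertext produced, 6 upload failed.
encrypt_and_send() (
    in=$1 rcpt=$2 url=$3
    [ -f "$in" ] || { echo "no such file: $in" >&2; exit 2; }

    # Write ciphertext to a private temp dir, never next to the plaintext.
    tmp=$(mktemp -d) || exit 3
    out="$tmp/$(basename "$in").pgp"
    rc=0

    # The recipient's public key must already be on this machine's keyring.
    if ! "$PGP_BIN" --encrypt "$in" --recipient "$rcpt" --output "$out"; then
        echo "encryption failed, nothing sent" >&2; rc=4
    elif [ ! -s "$out" ]; then
        # Guard against a zero-byte or missing output being uploaded.
        echo "no ciphertext produced, nothing sent" >&2; rc=5
    # --netrc reads FTP credentials from ~/.netrc instead of the command
    # line; --fail turns server-side errors into a non-zero exit status.
    elif ! "$CURL_BIN" --fail --silent --show-error --netrc -T "$out" "$url"; then
        echo "upload failed" >&2; rc=6
    fi

    rm -rf "$tmp"
    exit "$rc"
)

# Stand-alone use: ./send.sh report.csv "Recipient User ID" ftp://host/inbox/
if [ "$#" -eq 3 ]; then
    encrypt_and_send "$@"
fi
```

The plaintext path is never passed to the transfer step, so a failed or skipped encryption cannot result in an unencrypted upload.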