Secure file transfer using PGP Key Management Server
This script is an example implementation of a file transfer process.
A file is encrypted, sent to a recipient using FTP and on the receiving side, the file is decrypted using the PGP Key Management Server.
All private keys are stored only on the PGP Universal Server and using the Key Management Server the receiving side can decrypt the file without transferig the private key off the PGP Key Management Server.
On decryption, PGP Command Line extracts the encrypted session key from the encrypted file and sends this encrypted session key to PGP Key Management Server for decryption. PGP Command Line is then able to decrypt the bulk data using the symmetric session key.
PGP Command Line Version required (min): 10.0.0
PGP Universal Server Version required (min): 3.0.0
Script language: perl
Developed for platform: Linux
Platforms the script will work on: Windows, Unix, any platform with a perl interpreter and PGP Command Line installed
This example is implemented in two scripts: file_send.pl and file_receive.pl
It is written to be used on Linux and Unix platforms, this can be easily changed in the source code, to make it
compativble with Windows as well
REQUIREMENTS: ------------- * A reachable Universal server * A Linux machine, SERVER, running an ftp server, and a licensed PGP Command Line * A (ideally different) Linux machine, CLIENT, with a licensed PGP Command Line SETUP: ------ * Copy the script file_send.pl to the CLIENT machine. * Copy the script file_receive.pl to the SERVER machine. * Edit the "config" section at the top of both script to match the IP or hostname of the KMS server, USP authentication information, ftp info, etc. * On both CLIENT and SERVER, run an authenticated PGP Command Line KMS command and tell it to cache the authentication cookie. E.g.,: pgp --usp-server keys.senderdomain.com --usp-cache-auth --auth-username usp-user \ --auth-passphrase passphrase The scripts assumes an authentication cookie exists for the Unix user that runs it. If it does not, it will fail with permission errors. Also note that the USP server string given on this command has to match the one in the config file; it is not sufficient that they resolve to the same machine. TESTING/DEMO ------------ * Put clear-text files to transfer on CLIENT, in the configured outgoing directory. * Run the file_send.pl script on CLIENT * Run the file_receive.pl script on SERVER * Clear-text versions of the files can be found in the configured destination dir on SERVER. NOTES ----- * Each invocation of file_receive.pl will clobber any existing files in the destination directory. That is, if a file has the same name as a file previously transferred, then only the new file will exist in the destination file. * At this point, no attempt is made at verifying that files that end with .pgp are indeed OpenPGP files. Therefore, creating such files and attempting to transfer them will not work.