Securing Trading Partner File Transfers w/ Auto PGP Encryption & FTPS

Posted by John Carl Villanueva on Sun, Jan 03, 2021 @ 04:05 PM

[Last updated: January 2021] PGP encryption can add another layer of protection to a trading partner file transfer already secured by FTPS. It can also provide data-at-rest encryption as soon as the file arrives at the other end. In this post, we'll show you how to set up a fully automated file transfer secured by OpenPGP and FTPS using JSCAPE MFT Server triggers.

What we'd like to do




Does that look like something you could use? Here are the steps to achieve that.


1. Import your trading partner's PGP public key


Before you can PGP-encrypt a file which your trading partner can later on decrypt at the other end, you'll first need to obtain your trading partner's PGP public key. Once you have that, you can then import it to your managed file transfer server so it can be called into play whenever a file needs encryption. Here's how you'd do the import.

Launch your JSCAPE MFT Server Manager, go to Keys > PGP Keys tab, and then click the Import button.




Once the Import PGP Key dialog appears, choose Public key for the Key type, click Browse, and then navigate to the folder containing the public key file you got from your trading partner. Select the file and then click OK.




As soon as you do that, you should then find your newly imported public key in your collection of PGP public keys. Take note of this key's alias because you'll need it later.
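A check worth running before the import in step 1, shown as an added example (not part of the original post or of JSCAPE's tooling): it parses GnuPG's colon-format listing of the received key file and compares the primary fingerprint with the one your trading partner confirmed over a separate channel. It assumes GnuPG 2.2 or later is installed; the function names and the sample listing are constructed for illustration.

```python
import subprocess
import sys
import time

# Constructed sample of `gpg --with-colons --show-keys` output (not a real key).
SAMPLE_LISTING = """\
pub:-:4096:1:0123456789ABCDEF:1609459200:1924992000::-:::scESC::::::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
sub:-:4096:1:FEDCBA9876543210:1609459200:1924992000:::::e::::::23:
fpr:::::::::1111222233334444555566667777888899990000:
"""

def parse_colon_listing(listing):
    """Extract primary-key facts from gpg's colon-delimited key listing."""
    key = {"pubs": 0, "fingerprint": None, "validity": None, "expires": None, "caps": ""}
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 11:
            key["pubs"] += 1
            if key["pubs"] == 1:
                key["validity"] = f[1]  # field 2: r/e/d/i mean unusable
                key["expires"] = int(f[6]) if f[6].isdigit() else None  # field 7: epoch
                key["caps"] = f[11]     # field 12: 'E' = key as a whole can encrypt
        elif f[0] == "fpr" and len(f) > 9 and key["pubs"] == 1 and not key["fingerprint"]:
            key["fingerprint"] = f[9]   # first fpr record belongs to the primary key
    return key

def verify_partner_key(listing, expected_fpr, now=None):
    """Return a list of problems; an empty list means the key is fit to import."""
    now = time.time() if now is None else now
    key = parse_colon_listing(listing)
    problems = []
    if key["pubs"] != 1:
        problems.append("expected exactly one public key in the file")
    if key["fingerprint"] != expected_fpr.replace(" ", "").upper():
        problems.append("fingerprint mismatch")
    if key["validity"] in ("r", "e", "d", "i"):  # revoked, expired, disabled, invalid
        problems.append("key flagged '%s' by gpg" % key["validity"])
    if key["expires"] is not None and key["expires"] <= now:
        problems.append("key expired")
    if "E" not in key["caps"]:
        problems.append("no usable encryption key")
    return problems

if __name__ == "__main__":
    out = subprocess.run(["gpg", "--batch", "--with-colons", "--show-keys", sys.argv[1]],
                         capture_output=True, text=True, check=True).stdout
    issues = verify_partner_key(out, sys.argv[2])
    sys.exit("DO NOT IMPORT: " + "; ".join(issues) if issues else 0)
```

Run it as `python check_key.py partner_pubkey.asc "<fingerprint>"` (the script name is arbitrary); a non-zero exit means the key file should not be imported.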




2. Establish an FTPS Trading Partner connection


Now, go to the domain where you want to enable automatic PGP encryption.




Before you start enabling this domain with automatic PGP encryption, you need to verify first whether you already have an existing FTPS trading partner object for the trading partner whose PGP public key you recently imported. Go to the Trading Partners module and then see if you already have an FTPS trading partner object for the trading partner in question.




If you don't have one yet, you may use the steps in this article to create one: Setting Up A Trading Partner For Automated FTP/S

Once you've got your FTPS trading partner ready, you can then proceed with creating a trigger that would automatically encrypt a file with PGP and then send it via that FTPS trading partner connection.


3. Schedule the time for your auto-PGP encryption and FTPS transmission to run


Start by creating a new trigger. Go to the Triggers module and then click Add.



For those who are using JSCAPE MFT Server version 12.1 and higher, you'll be presented with a Trigger Template dialog where you can choose a template that best describes the workflow you're about to automate. Let's just leave that blank and click OK.



Give this trigger a name, say, 'Auto PGP Encrypt - TP-FTPS SEND'. Next, select the Current Time Event type and then (optionally) enter a description for this particular trigger. Click Next.




The Current Time event fires every minute. However, you may want your desired trigger actions (i.e., to encrypt and send via FTPS) to execute only at certain times. To make that happen, specify the schedule for the trigger actions to execute by entering time variables and then assigning values to them using the Expression Builder.

In my case, I'm using the following time variables and values:

Hour = 20

Minute = 0

DayOfWeek = 6




After checking the values in the Trigger Conditions Expression box, click Next to proceed.


4. Add the trigger action for PGP encryption


You're now ready to add your desired trigger actions. Click the Add button to add the first trigger action.




Select the PGP Encrypt File trigger action and then click OK.




Once the PGP Encrypt File trigger action parameters come up, enter the necessary settings. You'll want to specify the file you want to encrypt. Just click the Browse button and select the file.

The next parameter you may need to specify is the Destination field. This is the path where you want the encrypted file to be placed. If you leave the Destination field blank, the encrypted file will be placed in the same directory as the source file but with a .pgp extension added to it. So if the filename is "filetoupload.txt", the encrypted file will be "filetoupload.txt.pgp".

Some people don't want that .pgp extension to be included. If that's what you want, just specify a different directory, use the same filename, and remove the .pgp. So, for example, you can enter "C:\forupload\f-00435.txt".

There are several variables you can use if you click on the Variables button. For example, depending on the event type, you can use a variable that already holds the path or filename of the file you want to encrypt. This can be useful if the file you want to encrypt varies.

The next important thing you need to specify is the Public Encryption Key. Tick the Public Encryption Key check box and select the alias of the public key you imported earlier.

Click OK when done.




5. Add the trigger action for transmitting via FTPS


Now you're ready to add the second trigger action that will transmit your PGP-encrypted file via FTPS. Click the Add button to proceed.




Select the Trading Partner File Upload trigger action.




From the Partner drop-down list box, select the specific trading partner you want to use. Remember, Trading Partners in the context of JSCAPE MFT Server already contain all the necessary information that defines a particular trading partner connection, including transfer protocol, username, password, port number, host/IP address, etc.

So, at this point, all that's left to specify is the file you want to upload (Local File) and the directory on the remote server. In this example, we just want the file to be uploaded to the user's root directory (relative path). That's why we simply used the "/" (forward slash).

Click OK when done.




You should then see the second trigger action added to the trigger action canvas.



Arrange the two trigger actions such that the PGP Encrypt File precedes the Trading Partner File Upload action and then connect them accordingly.

If you don't know how to go about this, read the post: Introducing the Redesigned Trigger Action Workflow




Click OK.

This will take you back to the main screen where you'll find your newly created trigger.




That's it. Now you know how to configure JSCAPE MFT Server so it can further secure an FTPS trading partner file transfer with PGP encryption.

Try this yourself

Would you like to try this yourself? Download the FREE, fully-functional Starter Edition of JSCAPE MFT Server now.



