On-the-Fly PGP Encryption


The Almeria Industries SFTP Gateway supports automatic PGP encryption of uploaded files. This guide explains how to generate a PGP key pair and use it to encrypt files during upload.

Step 1: Generate a PGP Key Pair

Use GPG (GNU Privacy Guard) to generate a new key pair on your local machine.

Interactive Method

Run the following command and follow the prompts:

gpg --full-generate-key

You will be prompted for:

  • Key type: Choose RSA and RSA, or ECC
  • Key size: 4096 bits recommended for RSA
  • Expiration: 0 for no expiration, or set a specific date
  • Your name and email
  • Passphrase: To protect the private key

Non-Interactive Method

Generate a key without prompts using batch mode. The %no-protection line creates the private key without a passphrase:

gpg --batch --gen-key <<EOF
Key-Type: RSA
Key-Length: 4096
Name-Real: Your Name
Name-Email: you@example.com
Expire-Date: 0
%no-protection
EOF

Export Your Public Key

List your keys to find the key ID or email:

gpg --list-keys

Export the public key in ASCII-armored format:

gpg --armor --export you@example.com > my_public_key.asc

The exported file will look like:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGX...
...base64 encoded data...
-----END PGP PUBLIC KEY BLOCK-----

Step 2: Upload Your Public Key to the SFTP Gateway

The SFTP Gateway uses a "magic path" approach. Upload your ASCII-armored PGP public key to the special path /.pgp/key at the start of your session:

Using sftp Command Line

sftp user@server
sftp> put my_public_key.asc /.pgp/key

Using scp

scp my_public_key.asc user@server:/.pgp/key

Step 3: Upload Files

After setting the key, all subsequent files uploaded to /upload during that session will be automatically encrypted:

sftp> put myfile.txt /upload/myfile.txt

The server will:

  1. Buffer the incoming file data
  2. Encrypt it using your PGP public key when the upload completes
  3. Store the encrypted version in the destination storage
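Because the key is session-scoped, the key upload and the file uploads have to travel in the same SFTP session. The following is an added example, not code from Almeria Industries: it checks that the file being sent to /.pgp/key is a public key block and not private key material, then builds one sftp batch for the whole session. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Almeria's code): key upload and data uploads in ONE session.

# Succeeds only if FILE is an ASCII-armored PGP *public* key block.
is_public_key_block() {
    [ -r "$1" ] || return 1
    # Strip CRs (Windows exports), then take the first non-blank line.
    first=$(tr -d '\r' < "$1" | grep -v '^[[:space:]]*$' | head -n 1)
    [ "$first" = "-----BEGIN PGP PUBLIC KEY BLOCK-----" ] || return 1
    # Refuse any file that also carries private key material.
    if grep -q 'BEGIN PGP PRIVATE KEY BLOCK' "$1"; then return 1; fi
    grep -q '^-----END PGP PUBLIC KEY BLOCK-----' "$1"
}

# Print sftp batch commands: the key to /.pgp/key first, then each file to /upload.
build_batch() {
    key=$1; shift
    if ! is_public_key_block "$key"; then
        echo "refusing: $key is not a PGP public key block" >&2
        return 1
    fi
    for f in "$key" "$@"; do
        case $f in
            *'"'*|*\\*) echo "unsupported character in path: $f" >&2; return 1 ;;
        esac
    done
    printf 'put "%s" /.pgp/key\n' "$key"
    for f in "$@"; do
        printf 'put "%s" "/upload/%s"\n' "$f" "$(basename "$f")"
    done
}

# Run the batch against TARGET (for example the page's user@server placeholder).
upload_encrypted() {
    target=$1; shift
    batch=$(mktemp) || return 1
    if build_batch "$@" > "$batch" && sftp -b "$batch" "$target"; then rc=0; else rc=1; fi
    rm -f "$batch"
    return "$rc"
}
```

Call it as upload_encrypted user@server my_public_key.asc myfile.txt. sftp -b does not prompt, so it needs non-interactive authentication such as an SSH key.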

Step 4: Decrypt Files

The encrypted files are standard PGP messages. Use your private key to decrypt:

gpg --decrypt encrypted_file.pgp > decrypted_file.txt

Key Points

  • Session-scoped: The PGP key is only valid for the current SFTP session. Reconnecting requires uploading the key again.
  • All uploads encrypted: Once set, ALL files uploaded to /upload during that session will be encrypted.
  • Standard PGP output: Encrypted files are standard PGP messages compatible with any GPG implementation.
  • Client compatibility: Works with any SFTP client: FileZilla, WinSCP, command-line sftp, etc.
  • Private key security: Your private key stays on your machine and is never uploaded to the server.

Contact

Location:

Almeria Industries
Bucuresti, Calea Moșilor Nr. 88, Sector 3, 020851
Romania