Help with PGP and RSA for secure FTP transmission

[TumblingDice]

I've been asked to complete a project that requires secure FTP transmission of confidential legal agreements. Despite a healthy background/experience in data communications in the banking industry, time has passed and I've never used PGP or RSA before. NOTE: Everything will be done under Windows and/or IIS. I have a local IIS server for developing/testing, and a public IIS server (if need be) to support the testing phase.

I need to submit a form to apply for secure connectivity. It's asking for both PGP and RSA public keys that we'll use to download new files

My #1 "void" is how to generate the keys properly. Number #2 is how to deliver them in a professional manner. I've tried on my own, using Kleopatra for PGP generation, and "PuttyGen" on the RSA side. I'm feeling "lost at sea"...

My goal is to completely understand before completing a 'perfect' a software solution, yet I'd appreciate a 'recipe' to follow at the moment, hoping to catch up as I go.

Here is the workflow diagram:

Can anyone help with step-by-step recipes to create both the PGP and RSA keys, and subsequent steps to "do it the right way"...?

The application form I need to submit is a Word doc with numbered questions to fill in. So - in my response to "Public PGP Key for Data Encryption", should I post the '*.pgp' file to a server and provide a link to it? Or should I just 'paste' the open text of the certificate into the Word doc? (Or maybe both.)

And how to deliver the same for the RSA side? Can I paste the open text into the Word doc, or does it need to be installed on a server and communicated from there? My local server isn't public - so I can install on the public server if that's the correct way to begin?

Much TIA!

 

[Greg Bernhardt]

Thanks for the post! Sorry you aren't generating responses at the moment. Do you have any further information, come to any new conclusions or is it possible to reword the post?

 

[vela]

It looks like you're actually using SSH File Transfer Protocol, which isn't related to traditional FTP and its secure variants. I think your main concern when generating keys is to make sure they're long enough. As far as step-by-step instructions for generating the keys, I'd just google for that info. There are a lot of tutorials on how to do that.

The easiest way to send the public keys is to simply send the text file containing the key, so pasting into the Word document should be fine. Just make sure you send the public key, not the private one.

 

[TumblingDice]

@Greg Bernhardt - Thanks a bunch for the 'bump'. I swallowed my pride Friday afternoon and called the source... Learned that I did everything the right way to generate keys, and the techies were happy to hear from me to complete setup on their end. I'm going to post more to the thread this week for those that follow. ;)

@vela - Thank you for responding! Your info is all "spot on". I used Bing (try it sometime) to locate key generators I felt comfortable with. That went well, and I'll post more info for the PGP and RSA solutions I found RSN. Just as you said, all was "text", yet the files had their own unique extensions. I learned this during my "rapid setup" tech contact :), and communicated the info natively by attaching the PGP and ASC files to an email during the phone call.

All the best!
TD

 

[LudusRex]

I understand the importance of secure data transmission, especially when dealing with confidential legal agreements. PGP and RSA are both widely used encryption methods that can help ensure the security of your FTP transmission. I can provide some guidance on how to generate PGP and RSA keys and how to deliver them in a professional manner.

To generate PGP keys, you can use a tool like Kleopatra or GnuPG. These tools will guide you through the process of creating a key pair, which consists of a public key and a private key. The public key is used to encrypt data, while the private key is used to decrypt it. It's important to keep your private key secure and not share it with anyone.

To generate an RSA key, you can use a tool like PuTTYgen. This tool will also guide you through the process of creating a key pair. Similar to PGP, the public key is used for encryption and the private key is used for decryption.

Once you have generated your keys, you can deliver them in a professional manner by sharing the public keys with the party you will be exchanging data with. There are a few ways to do this. One option is to upload the public keys to a server and provide a link to them in your application form. Another option is to simply paste the open text of the keys into the Word document. You can do this for both the PGP and RSA keys.

It's important to note that the public keys are meant to be shared and do not need to be kept secure. However, it is recommended to use a secure method of delivery, such as a password-protected file or a secure messaging platform.

I understand that this may seem overwhelming if you are not familiar with PGP and RSA, but with some guidance and practice, you will be able to generate and deliver the keys correctly. I suggest following the workflow diagram you have provided and using the tools mentioned above to generate the keys. If you have any further questions, don't hesitate to reach out for assistance. Good luck with your project!