PGP Basics
To effectively use PGP encryption and decryption with Robo-FTP, you must first have a basic understanding of how PGP works in general. This quick intro should be enough to get you started, but it is recommended that you look to the many excellent resources available on the web for a more in-depth explanation.
PGP (short for Pretty Good Privacy), created by Philip Zimmermann, has become a widely used method for sharing information in a secure way. When you encrypt a file with PGP and send it over the internet, you can be reasonably confident that:
Only the intended recipient can read the contents of the file
The file has not been modified in any way since being encrypted
The sender is really who he says he is
This is all achieved using a scheme commonly referred to as "public key encryption." To have somebody encrypt files in such a way that only you can decrypt them, you must first create a key pair. This key pair is made up of a public key and a private key. You keep the private key to yourself -- nobody else should ever have access to this. You distribute your public key to anybody you would like to be able to encrypt files for you to read.
Let's say that you need to encrypt a file and upload it to a bank's FTP server. The bank needs to first give you their public key. You can then encrypt the file with this public key. The encrypted file can only be decrypted by somebody who has access to the matching private key.
Sound simple? It is. There is more to the story, but this is all the background you need to get started.
NOTE: This tutorial was written for Robo-FTP 3.10.x. The steps involved may vary for older or newer versions.
Creating a Key Pair
You must create a key pair if you wish to have anybody encrypt files so that you (and only you) can decrypt them. If you already have a key pair (perhaps from using another PGP program) then you may wish to skip this section and take a look at Importing a Key Pair. Once you have completed the steps below to create a key pair, you will need to follow the steps under Exporting a Public Key to export your public key.
Launch the Robo-FTP Configurator (Start | All Programs | Robo-FTP 3.10 | 3.10 Configurator) and click the 'PGP Keys' tab.
Click the 'Create Key' button.
You must enter a User Name. The email address and comment fields are optional.
Enter a Passphrase and verify it.
Check the 'Save Passphrase' box so you can use the passphrase without specifying it in your script (for added security).
Click 'OK' to create the keyring and add the key-pair to this keyring.
Importing a Key Pair
If you already have a key pair (perhaps from using another PGP program) then you may import this key pair into Robo-FTP. First, you must export the key pair (presumably using the same program you used to create the key pair).
Launch the Robo-FTP Configurator (Start | All Programs | Robo-FTP 3.10 | 3.10 Configurator) and click the 'PGP Keys' tab.
Click the 'Import Key' button.
Browse to the folder where your exported PGP key file is located.
Select the file and click 'OK'.
Your key should now be imported and ready to use.
Importing a Public Key
If you wish to encrypt files so that the recipient (and only the recipient) can decrypt them, you must first import the recipient's public key. The recipient must export his public key and give you access to this file (most often as an e-mail attachment).
Launch the Robo-FTP Configurator (Start | All Programs | Robo-FTP 3.10 | 3.10 Configurator) and click the 'PGP Keys' tab.
Click the 'Import Key' button.
Browse to the folder where the public key file is located.
Select the file and click 'OK'.
The key should now be imported and ready to use.
Exporting a Public Key
If you wish to have others encrypt files so that you (and only you) can read them, you must export your public key. You will give this public key (often as an e-mail attachment) to anybody who needs to encrypt files for you to receive.
Launch the Robo-FTP Configurator (Start | All Programs | Robo-FTP 3.10 | 3.10 Configurator) and click the 'PGP Keys' tab.
Select the Key that you would like to export by clicking on it in the list of keys.
Click the 'Export...' button.
Select the location of the file to be exported.
Select 'OK'.
The public key is now exported to a file in that specified folder.
The file will be named with the key's name with an extension of .asc (ASCII armored) or .pgp.
The exported file is automatically signed with the matching private key.
Encrypting a File
Before you can encrypt a file so that only the recipient can read it, you must first import the recipient's public key. Once you've done this, you can encrypt a file with a single script command. For example:
PGPENCRYPT "file_to_encrypt" "destination_encrypted_file" /encryptfor="Recipient1"
When you encrypt a file, you can optionally sign the file as well. While encrypting prevents an unauthorized person from reading the contents of a file, signing prevents anyone from modifying the contents of a file without the recipient knowing.
Before you can sign a file so that a recipient can verify that signature (and thus ensure nobody has tampered with the file), you must first create a key pair or (if you already have a key pair you created with another program) import a key pair. You must then export your public key and distribute it to anybody you wish to be able to verify the signature on files you have encrypted.
Once you've done this, you can encrypt and sign a file with a single script command. For example:
PGPENCRYPT "file_to_encrypt" "destination_encrypted_file" /encryptfor="Recipient1" /sign
Note that the difference between this example and the previous example which only encrypts a file is the addition of the /sign option. This option tells Robo-FTP to sign the file using the default private key.
Decrypting a File
Before others can encrypt files so that only you can read them, you must first create a key pair or (if you already have a key pair you created with another program) import a key pair. You must then export your public key and distribute it to anybody you wish to be able to encrypt files for you to read. Once somebody has encrypted a file with your public key and sent it to you (perhaps by posting it to an FTP server for you to download with Robo-FTP), you can decrypt the file with a single script command. For example:
PGPDECRYPT "encrypted_file" "c:\temp\output\decrypted_filename.txt"
When somebody encrypts a file for you to decrypt, he or she can also sign the file. You can verify this signature to ensure that nobody has modified the file after the sender encrypted it.
By default, Robo-FTP automatically verifies the signature on an encrypted file if one exists and returns an error if that signature is not valid. You can change this behavior by adding the /signature=required option to the sample command above to tell Robo-FTP to return an error if a file has not been signed.
PGP File Basics
PGP files are packages that contain the encrypted file contents along with information about the encryption key, encryption cipher and optional details like a digital signature, timestamp and the original filename. It is common practice to name a PGP file by adding the .pgp or .gpg file extension to the end of the source file's name but the name of a PGP file does not necessarily correspond to the original filename value stored within the package.
When the PGPENCRYPT command is executed, Robo-FTP uses the original source file to create a new destination file that has the PGP package data structure described above. Likewise, when the PGPDECRYPT command is executed, Robo-FTP generates a new unencrypted destination file using data extracted from a PGP source file. If no name is specified for the new unencrypted file then Robo-FTP uses the original filename value stored within the package (if it is available).
PGP operations performed by Robo-FTP do not modify or remove the source file.
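The package structure described under PGP File Basics can be inspected directly. The Python code below is an added example, not part of Robo-FTP or its documentation: it walks the packet framing of a binary PGP file as defined in RFC 4880 and reports the recipient key IDs, which are readable without any private key, while the original filename and timestamp sit in the literal data packet, which in an encrypted file is inside the encrypted portion. The function names, sample bytes, key ID and file name are constructed for illustration.

```python
# Added example (constructed): walk the top-level packets of a binary OpenPGP file.
TAGS = {1: "public-key encrypted session key", 2: "signature", 8: "compressed data",
        9: "encrypted data", 11: "literal data", 18: "integrity-protected encrypted data"}

def read_packets(data):
    """Yield (tag, body) per packet; ValueError on a bad header or truncated body."""
    pos = 0
    while pos < len(data):
        header, pos = data[pos], pos + 1
        if not header & 0x80:
            raise ValueError("not a binary OpenPGP packet (ASCII-armored file?)")
        body, final = b"", False
        while not final:
            final = True
            if not header & 0x40:                  # old format: tag in bits 5-2
                tag, size = (header >> 2) & 0x0F, (1, 2, 4, 0)[header & 0x03]
                n = int.from_bytes(data[pos:pos + size], "big") if size else len(data) - pos
                pos += size                        # size 0: body runs to end of file
            else:                                  # new format: tag in bits 5-0
                tag, first, pos = header & 0x3F, data[pos], pos + 1
                if first < 192:
                    n = first
                elif first < 224:
                    n, pos = ((first - 192) << 8) + data[pos] + 192, pos + 1
                elif first == 255:
                    n, pos = int.from_bytes(data[pos:pos + 4], "big"), pos + 4
                else:                              # partial body: more chunks follow
                    n, final = 1 << (first & 0x1F), False
            if pos + n > len(data):
                raise ValueError("truncated packet")
            body, pos = body + data[pos:pos + n], pos + n
        yield tag, body

def describe(data):
    """Report packet types, recipient key IDs and any unencrypted literal-data metadata."""
    info = {"packets": [], "recipients": []}
    for tag, body in read_packets(data):
        info["packets"].append(TAGS.get(tag, f"tag {tag}"))
        if tag == 1 and body[:1] == b"\x03":       # v3: key ID is body bytes 1..8
            info["recipients"].append(body[1:9].hex().upper())
        elif tag == 11:                            # format, name length, name, date
            name = body[2:2 + body[1]]
            info["filename"] = name.decode("utf-8", "replace")
            info["timestamp"] = int.from_bytes(body[2 + len(name):6 + len(name)], "big")
    return info

# Constructed samples: key ID, file name and contents are made up, not real ciphertext.
ENCRYPTED = bytes.fromhex("C10D03" "0123456789ABCDEF" "010008FF" "D20501" "00000000")
LITERAL = (bytes([0xAC, 21]) + b"b" + bytes([10]) + b"report.csv"
           + (1700000000).to_bytes(4, "big") + b"a,b,c")
```

Running describe() on a file before it is uploaded confirms that it carries an encrypted data packet addressed to the intended recipient's key ID rather than a readable literal data packet.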