PGP Encryption - Encrypting

Files are encrypted in MOVEit Central by using Process steps that refer to one of two built-in PGP encryption scripts. To encrypt and digitally sign a file, use the "PGP Encrypt and Sign" script. To only encrypt a file, use the "PGP Encrypt Only" script. Although encrypt-and-sign is slightly more processor-intensive, it is generally recommended over encrypt-only, because the signature allows the recipient to verify that you really are the sender of the message.

Configuring the Process

To add a process step which encrypts a file before sending it to its destination, right-click on the task name and choose Add Process... Choose one of the two built-in processes mentioned above. (In this example, "PGP Encrypt and Sign" is used.)

[Image: pgpaddprocessencryptsign.gif]

When you choose OK, MOVEit Central Admin will see that the recipient and sender keys are required parameters, so it will bring up the Edit Parameters dialog to prompt for these keys:

[Image: pgpeditparameters.gif]

Double-click on the PGP recipient name parameter to get the Add Parameter dialog:

[Image: pgpaddparameter.gif]

To add a recipient key, click the "Add" button to get the Select PGP Key dialog. Select a key for the recipient and choose OK. More keys may be added and removed using the buttons. When finished, choose OK to close the Add Parameter dialog. The recipient key can be selected from either My Keys (if you want to send a file to yourself) or Other Keys.

[Image: pgpselectkey.gif]

Double-click the signer key parameter to select a key to be used to sign the encrypted file. Because only private keys can be used to sign files, you may select only from My Keys.

The optional PGPASCIIArmor parameter can be set to True if you want to convert the encrypted file to ASCII format. This increases the size of the file. This option is designed to accommodate file transfer mechanisms that cannot send binary files. However, all of MOVEit Central's transfer protocols properly handle binary files, so there is little reason to select ASCII armoring in MOVEit Central.
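
What ASCII armoring does to a file, and why the file grows, shown as an added example that is not part of the MOVEit Central documentation or its scripts: a minimal Python implementation of the OpenPGP armor format (RFC 4880, section 6). The sample bytes are a constructed stand-in for an encrypted file, and the function names are hypothetical.

```python
import base64

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # constants from RFC 4880, section 6.1
# Constructed stand-in for a binary PGP-encrypted file (not real ciphertext).
SAMPLE = bytes(range(256)) * 120


def crc24(data: bytes) -> int:
    """CRC-24 checksum that OpenPGP appends to armored data."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(binary: bytes) -> bytes:
    """Wrap binary OpenPGP data in 7-bit ASCII armor (Radix-64 plus CRC-24)."""
    b64 = base64.b64encode(binary).decode("ascii")
    # RFC 4880 allows lines of up to 76 characters; 64 is used here.
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    checksum = "=" + base64.b64encode(crc24(binary).to_bytes(3, "big")).decode("ascii")
    parts = ["-----BEGIN PGP MESSAGE-----", "", *lines, checksum,
             "-----END PGP MESSAGE-----", ""]
    return "\n".join(parts).encode("ascii")


def dearmor(armored: bytes) -> bytes:
    """Recover the binary data and verify the CRC-24 line."""
    lines = armored.decode("ascii").splitlines()
    start = lines.index("-----BEGIN PGP MESSAGE-----")
    end = lines.index("-----END PGP MESSAGE-----")
    body = lines[lines.index("", start) + 1:end]  # blank line ends the armor headers
    if not body or not body[-1].startswith("="):
        raise ValueError("missing CRC-24 line")
    data = base64.b64decode("".join(body[:-1]), validate=True)
    # The CRC only catches accidental corruption in transfer. Proof of who
    # sent the file comes from the PGP signature, not from this checksum.
    if base64.b64decode(body[-1][1:]) != crc24(data).to_bytes(3, "big"):
        raise ValueError("CRC-24 mismatch: armored data is corrupted")
    return data


def overhead(binary: bytes) -> float:
    """Fractional size increase caused by armoring (about one third)."""
    return len(armor(binary)) / len(binary) - 1.0
```

For the 30,720-byte sample the armored form is 41,661 bytes, an increase of roughly 36%.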

Configuring the Destination

By default, MOVEit Central sends files under their original name. You may wish to indicate to your recipient that the file you are sending is PGP-encrypted by appending a ".pgp" suffix to the filename. To do this, edit the task's destination by unchecking "Use Original File Name(s)" and changing the FileName to "[OrigName].pgp".

[Image: pgptaskdest.gif]

When your task is complete, it should look something like this:

[Image: pgpencrypttask.gif]

Using Global Parameters for Keys

It is common for a given site to sign most or all of its outgoing files with the same key. Thus, you may wish to set a global parameter named PGPSignerKey. If you do so, you will not need to set the PGPSignerKey in the Process step of each task that does PGP encryption and signing. You may override the global signer key by specifying it in an individual Process step if desired.