This script is an example implementation of a file transfer process.
A file is encrypted, sent to a recipient using FTP and on the receiving side, the file is decrypted using the PGP Key Management Server.
All private keys are stored only on the PGP Universal Server; using the Key Management Server, the receiving side can decrypt the file without transferring the private key off the PGP Key Management Server.
On decryption, PGP Command Line extracts the encrypted session key from the encrypted file and sends this encrypted session key to PGP Key Management Server for decryption. PGP Command Line is then able to decrypt the bulk data using the symmetric session key.
PGP Command Line Version required (min): 10.0.0
PGP Universal Server Version required (min): 3.0.0
Script language: perl
Developed for platform: Linux
Platforms the script will work on: Windows, Unix, any platform with a perl interpreter and PGP Command Line installed
Notes:
This example is implemented in two scripts: file_send.pl and file_receive.pl
It is written to be used on Linux and Unix platforms; this can easily be changed in the source code to make it
compatible with Windows as well.
Readme:
REQUIREMENTS:
-------------
* A reachable Universal server
* A Linux machine, SERVER, running an ftp server, and a licensed PGP
Command Line
* A (ideally different) Linux machine, CLIENT, with a licensed PGP
Command Line
SETUP:
------
* Copy the script file_send.pl to the CLIENT machine.
* Copy the script file_receive.pl to the SERVER machine.
* Edit the "config" section at the top of both scripts to match the IP
or hostname of the KMS server, USP authentication information, ftp
info, etc.
* On both CLIENT and SERVER, run an authenticated PGP Command Line KMS
command and tell it to cache the authentication cookie. E.g.,:
pgp --usp-server keys.senderdomain.com --usp-cache-auth --auth-username usp-user \
--auth-passphrase passphrase
The scripts assume an authentication cookie exists for the Unix user
that runs them. If it does not, they will fail with permission
errors. Also note that the USP server string given on this command
has to match the one in the config file; it is not sufficient that
they resolve to the same machine.
TESTING/DEMO
------------
* Put clear-text files to transfer on CLIENT, in the configured
outgoing directory.
* Run the file_send.pl script on CLIENT.
* Run the file_receive.pl script on SERVER.
* Clear-text versions of the files can be found in the configured
destination dir on SERVER.
NOTES
-----
* Each invocation of file_receive.pl will clobber any existing files
in the destination directory. That is, if a file has the same name
as a file previously transferred, then only the new file will exist
in the destination directory.
* At this point, no attempt is made to verify that files ending in
.pgp are indeed OpenPGP files. Therefore, creating such files and
attempting to transfer them will not work.