locked
SFTP with PGP RRS feed

  • Question

  • User1122355199 posted

    Hello everyone and thanks for your help in advance.  I developed an application that uploads files to various business partners through sftp.  I have successfully used the SSH.Net component to accomplish this, however, I have a new trading partner that is requiring a PGP key be generated in order to access their server.  I'm really not sure if SSH.Net can accomplish this or if there is another component that will.  Any help would be appreciated.

    Thursday, December 10, 2015 10:23 PM

Answers

  • User614698185 posted

    Hi kmcnet,

    If you have secure ftp - it is a different profile than that of ftp.  Basically secure ftp means that there is an exchange of keys between the client and the server and then all the path is encrypted.  Generally this means that you do not need to encrypt what you are sending through it, however you can not connect a secure ftp client to a normal ftp server - it needs to be an sftp server.

    You could refer to the following links:

    https://community.spiceworks.com/topic/294873-receiving-files-pgp-encrypted-files-via-sftp-help

    http://www.codeproject.com/Articles/457453/PGP-Encryption-with-Csharp

    Best Regards,

    Candice Zhou

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, December 11, 2015 5:39 AM
  • User614698185 posted

    Hi kmcnet,

    but I still need a component to perform the sftp connection and file transfer.

    May be you could refer to the following example:

    https://winscp.net/eng/docs/guide_dotnet

    http://www.componentpro.com/sftp.net/

    This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

    Best Regards,

    Candice Zhou

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, December 15, 2015 7:46 AM

All replies

  • User614698185 posted

    Hi kmcnet,

    If you have secure ftp - it is a different profile than that of ftp.  Basically secure ftp means that there is an exchange of keys between the client and the server and then all the path is encrypted.  Generally this means that you do not need to encrypt what you are sending through it, however you can not connect a secure ftp client to a normal ftp server - it needs to be an sftp server.

    You could refer to the following links:

    https://community.spiceworks.com/topic/294873-receiving-files-pgp-encrypted-files-via-sftp-help

    http://www.codeproject.com/Articles/457453/PGP-Encryption-with-Csharp

    Best Regards,

    Candice Zhou

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, December 11, 2015 5:39 AM
  • User1122355199 posted

    Thanks for the response.  I'm not sure if you answered the question or not, but let me run through my issue again.  Is there such a thing as a PGP connection (I don't know of one) or are we speaking of encrypting files using PGP, then sending it over a sftp connection (sort of a belt and suspenders approach to security).  The vendor I am working with seems to be telling me that PGP is part of the file transfer process.  Is this possible?

    Saturday, December 12, 2015 2:55 AM
  • User614698185 posted

    Hi kmcnet,

    The SSH keys would be used as an additional authentication factor when someone connects to your FTP server. There should be an option in your FTP server's user admin system that allows you to attach those SSH keys to the user accounts you've set up for the provider. The FTP server will then require that the client sends a copy of the key for comparison when they connect, so the client has to provide username, password, and key in order to connect.

    As far as free PGP options, the only one I'm aware of is GPG4Win tool: https://www.gpg4win.org/

    Best Regards,

    Candice Zhou

    Monday, December 14, 2015 9:08 AM
  • User1122355199 posted

    Thanks for the response.  So if I understand correctly, the file itself is not encrypted, but the key is sent as a payload with the sftp connection.  Am I understanding correctly?  Unfortunately, the server is my trading partner's and they are being very vague about the specs.  So I can use GPG4Win to generate the key, but I still need a component to perform the sftp connection and file transfer.  Do you know of a component that will do this or if SSH.Net can accomplish this?

    Thanks again.

    Monday, December 14, 2015 1:45 PM
  • User614698185 posted

    Hi kmcnet,

    but I still need a component to perform the sftp connection and file transfer.

    May be you could refer to the following example:

    https://winscp.net/eng/docs/guide_dotnet

    http://www.componentpro.com/sftp.net/

    This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

    Best Regards,

    Candice Zhou

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, December 15, 2015 7:46 AM
  • User1122355199 posted

    Thank you.

    Tuesday, December 15, 2015 7:25 PM