Create a decryption-only job

Important: This content is part of a pilot release. If you haven't been contacted to be part of this pilot, refer to our standard content for Sage People Payflow.

If you receive encrypted files from your third-party provider, you can use a file forwarding/encryption job to decrypt the file on the file transfer platform.

To use file decryption:

  1. Create separate folders for the encrypted and decrypted files.

  2. Upload a PGP private key used to decrypt files.

  3. Configure a decryption job.

Create folders

Your third-party provider can be set up with a web user that has access to a specific folder (via a folder group) in order to upload files to the file transfer platform.

Tip: Best practice is to give the third-party user access to a folder that contains only the encrypted files they will deposit. Your decryption job will move decrypted files to another folder. This improves security by preventing the third-party login from accessing decrypted files.

To configure folders for file decryption:

  1. Create a folder that will contain the encrypted files that your third party will deposit:

    • In the file transfer platform, go to the Files section.

    • Select the root directory.

    • Select New Folder.

    • Give the folder a name and select Create.

      Screenshot: create a folder

  2. If you have not already configured a web user for the third party, follow the guidance in Configure third-party users and folder groups to create a web user and grant access to this folder for your third-party user. This folder will be used to deposit encrypted files.

Upload a PGP private key

In order for the third-party provider to send encrypted files that you can decrypt, you must give the provider the public part of a PGP key pair that you have generated. The third-party provider will use the public key to encrypt the file, and you must upload the private part of the key pair to enable decryption.

For more information about PGP keys, and for guidance about uploading keys, see Import PGP/SSH keys.
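Before sending a key file to the provider, it is worth confirming that it holds only the public part. The following is an added example, not part of the file transfer platform or of Sage's documentation: it reads the OpenPGP packet tags (RFC 4880) of a key file and reports whether any secret-key packet is present. The function names and the sample packets are assumptions constructed for illustration.

```python
import base64
SECRET_TAGS = {5, 7}    # Secret-Key, Secret-Subkey (RFC 4880, section 4.3)
PUBLIC_TAGS = {6, 14}   # Public-Key, Public-Subkey

def dearmor(data: bytes) -> bytes:
    """Return the binary packets of an ASCII-armored block; binary input passes through."""
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data
    lines = [l.strip() for l in data.strip().splitlines()]
    body = lines[lines.index(b"") + 1:-1]      # skip armor headers, drop END line
    return base64.b64decode(b"".join(l for l in body if not l.startswith(b"=")))  # drop CRC line

def packet_tags(raw: bytes) -> list:
    """Walk the packet headers and return each packet's tag, in order."""
    tags, i = [], 0
    while i < len(raw):
        hdr = raw[i]
        if not hdr & 0x80:
            raise ValueError(f"not an OpenPGP packet at offset {i}")
        if hdr & 0x40:                          # new-format header
            tag, first = hdr & 0x3F, raw[i + 1]
            if first < 192:                     # one-octet length
                length, i = first, i + 2
            elif first < 224:                   # two-octet length
                length, i = ((first - 192) << 8) + raw[i + 2] + 192, i + 3
            elif first == 255:                  # five-octet length
                length, i = int.from_bytes(raw[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body length: not expected in a key file")
        else:                                   # old-format header
            tag, n = (hdr >> 2) & 0x0F, (1, 2, 4, 0)[hdr & 0x03]
            if n == 0:
                raise ValueError("indeterminate length: not expected in a key file")
            length, i = int.from_bytes(raw[i + 1:i + 1 + n], "big"), i + 1 + n
        tags.append(tag)
        i += length
    return tags

def classify_key_file(data: bytes) -> str:
    """'private' if any secret-key packet is present, 'public' if only public-key packets."""
    tags = set(packet_tags(dearmor(data)))
    kind = "public" if tags & PUBLIC_TAGS else "no-key"
    return "private" if tags & SECRET_TAGS else kind

# Constructed samples: valid packet framing around dummy bodies, not real key material.
def make_packet(tag: int, body: bytes = b"\x00" * 8) -> bytes:
    return bytes([0xC0 | tag, len(body)]) + body
SAMPLE_PUBLIC = make_packet(6) + make_packet(13, b"payroll@example.com") + make_packet(14)
SAMPLE_PRIVATE = make_packet(5) + make_packet(13, b"payroll@example.com") + make_packet(7)
SAMPLE_ARMORED = b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n" + base64.b64encode(SAMPLE_PUBLIC) + b"\n-----END PGP PUBLIC KEY BLOCK-----\n"
```

Run `classify_key_file` on the bytes of the exported key file: only a file that returns `public` should go to the provider, and the file you upload for the decryption job should return `private`.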

Configure a decryption job

When you have folders, users, and PGP keys in place, the final step is to create a file forwarding and encryption job that enables file decryption and forwards the decrypted file to another folder. Typically, you will deliver decrypted files to the folder from which your inbound Payflow service collects files. If you are collecting files manually, create a folder specifically for the decrypted files.

To create a decryption job:

  1. Log in to the file transfer platform at https://sftpgo.eu.sagepeople.com/

  2. Go to Forms > Available forms > Enable file forwarding and encryption.

  3. Configure the forwarding job as follows:

    Screenshot: configure a decryption job

    • Source Virtual Folder: enter the path for the folder that will be used by the third-party web user to deposit encrypted files. For example: /PayslipsEncrypted

    • File Pattern: enter the file extension for deposited files. PGP encrypted files have an extension of .pgp

    • Destination IP/DNS: leave this set to localhost. Localhost means that the job will run locally, without forwarding the file to another server.

    • Destination Port: leave set to 22.

    • Destination Path: enter the path for the folder that will contain decrypted files. For example: /PayslipsDecrypted

      Tip: If you have an existing folder into which you want to deposit your decrypted files, ensure you enter the address accurately. If the folder does not already exist, it will be created.

    • User: enter your administrator username. The job must be run as a user that has folder access to both folders.

    • Login Method: Password: enter your administrator password.

    • Login Method: SSH Key: leave blank.

    • File Encryption and Signing: set to Decrypt.

    • PGP Key to Encrypt/Decrypt: select the private part of the key pair. The file must have been encrypted using the public part of the key pair.

    • PGP to Sign: leave blank.

    • Do you want to delete the original file?: as a best practice, set the original file to be deleted from the folder as soon as it has been decrypted. Select Yes.

  4. Select Submit.

For more information about using this form, see Enable file forwarding, encryption, and decryption.

When a matching file is deposited to the source folder, the job will decrypt the file and move it to the destination folder. The decrypted file can then be collected either manually or by your inbound Payflow service.

Next, Configure third-party users and folder groups.