GPG (PGP)
Your files are secure on the Files.com platform by default. Files.com uses the latest encryption technologies to protect your files both in transit and at rest. However, sometimes counterparties or other compliance requirements dictate that you specifically use GPG or PGP encryption in addition to the encryption we provide.
That is why we offer the option for automatic GPG encryption or decryption of any file that arrives in a specific folder.
You can configure different folders to use different GPG keys, providing a customized level of encryption for each folder.
About GPG
GPG stands for GNU Privacy Guard, which is an independent implementation of PGP.
PGP, or Pretty Good Privacy, was originally developed as freeware copyrighted under the GNU public license to provide the ability to securely share and transfer information with strong encryption.
PGP was later turned into a proprietary program.
GPG is a publicly licensed project of the OpenPGP Alliance, and is used interchangeably with PGP.
How GPG Encryption works
Unlike the strong at-rest encryption that Files.com already applies by default, GPG encryption is a separate encryption process applied using a public GPG key that you provide when enabling GPG encryption for a folder.
Once files are encrypted with your public key upon upload, they can only be decrypted using the corresponding private key—a key that only you control.
This renders your files unreadable by anyone—even Files.com—without the corresponding private key needed to decrypt the files.
Exact Timing of Encryption and Decryption
GPG encryption or decryption is performed as a post-processing step after an upload.
Moving a file into the folder will not trigger GPG encryption or decryption, nor will renaming a file. This is true whether the move or rename is performed manually or via an Automation.
Copying a file into the folder will trigger GPG encryption or decryption in the same way as an upload would. This is also true when the copy is performed via an Automation or Remote Sync action.
A Remote Server Sync, which is configured to pull (upload) files into the folder, will trigger GPG encryption and decryption just as if the files were uploaded manually.
As part of the file upload process, if a file requires post-processing, the file is initially placed into a locked and quarantined container, instead of into its destination folder. The file is then streamed from the locked, quarantined container and GPG encryption is applied "on the fly" as the file is written to its destination folder. The original unencrypted file is never stored on Files.com and the original file is completely unavailable for any actions (other than delete) until the post-processing is complete.
After the GPG encryption or decryption is applied, the original (input) file is purged from the locked and quarantined container and the resulting (output) file is made available in the folder.
The resulting (output) file of the PGP encryption or decryption appears as a newly created (uploaded) file within the folder and can trigger any Automations that have been configured to trigger when files are created.
Notifications, such as Folder Settings for Email notifications, Slack notifications, and Webhooks, will be triggered by the resulting (output) file of the GPG encryption or decryption.
You will see the file appear in list requests via certain interfaces (such as FTP, SFTP, and some other integrations) during this state. We intend to soon enhance our web interface and Desktop app to provide special icon/color indications when a file is in this locked state, as well as some indication of the status of the post-processing step. Please be assured that despite appearing in a list, the file is completely unavailable for any actions (other than delete) until the post-processing GPG encryption or decryption is complete.
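Because a move or rename into the folder does not trigger encryption, it can be useful to confirm that a file retrieved from the folder really is an OpenPGP message encrypted to your key. The Python below is an added example, not Files.com code: it reads the leading OpenPGP packet headers (RFC 4880, version 3 public-key encrypted session key packets) and reports the recipient key IDs. The function names, the key ID and the sample bytes are constructed for illustration.

```python
import base64

def _dearmor(data):  # return binary OpenPGP data, decoding ASCII armor if present
    lines = [ln.strip() for ln in data.strip().splitlines()]
    if not lines or lines[0] != b"-----BEGIN PGP MESSAGE-----":
        return data
    start = lines.index(b"") + 1  # a blank line ends the armor headers
    body = [ln for ln in lines[start:-1] if not ln.startswith(b"=")]  # drop CRC line
    return base64.b64decode(b"".join(body))

def pkesk_key_ids(data):
    """Key IDs from the leading version 3 PKESK packets (tag 1), else []."""
    ids, pos = [], 0
    try:
        buf = _dearmor(data)
        while pos < len(buf) and buf[pos] & 0x80:  # bit 7 marks a packet header
            if buf[pos] & 0x40:  # new-format header
                tag, first = buf[pos] & 0x3F, buf[pos + 1]
                if first < 192:
                    length, pos = first, pos + 2
                elif first < 224:
                    length, pos = ((first - 192) << 8) + buf[pos + 2] + 192, pos + 3
                elif first == 255:
                    length, pos = int.from_bytes(buf[pos + 2:pos + 6], "big"), pos + 6
                else:
                    break  # partial body length: already a data packet
            else:  # old-format header
                tag, ltype = (buf[pos] >> 2) & 0x0F, buf[pos] & 0x03
                if ltype == 3:
                    break  # indeterminate length: not a session key packet
                n = 1 << ltype  # 1, 2 or 4 length octets
                length, pos = int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n
            if tag != 1:
                break  # session key packets precede the encrypted data
            body = buf[pos:pos + length]
            if len(body) >= 9 and body[0] == 3:  # version octet, then 8-octet key ID
                ids.append(body[1:9].hex().upper())
            pos += length
    except (ValueError, IndexError):  # malformed armor or truncated header
        pass
    return ids

def classify(data, expected_key_id):
    ids = pkesk_key_ids(data)
    return "not-encrypted" if not ids else (
        "expected-key" if expected_key_id.upper() in ids else "other-key")

# Constructed sample: old-format PKESK (v3, made-up key ID, RSA), then a stub tag 18 packet.
KEY_ID = "0123456789ABCDEF"
SAMPLE = b"\x84\x0e\x03" + bytes.fromhex(KEY_ID) + b"\x01" + b"\x00" * 4 + b"\xd2\x05\x01abcd"
```

The key ID in these packets is normally that of the encryption subkey, so compare against that rather than the primary key ID. The armor checksum is skipped, not verified, and the check says nothing about whether the payload decrypts correctly.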
File Size Constraints
Files.com can currently perform GPG encryption and decryption only on files with a maximum size of 2 GB. This is due to limitations with how we host the GPG application in the cloud. We are interested to learn more about the use case of any customers who need GPG for very large files.
Overwrite Behavior for Output Files
The output of an encryption or decryption will not overwrite an existing file.
Instead, the new output file will have a date and time value appended to its file name in order to provide a unique file name. This ensures that existing output files with matching names are not overwritten and no data is lost.
Signing Constraints
Files.com does not currently support GPG Signing.
When decrypting, files that are both encrypted and signed will be successfully decrypted but without performing any signature verification. When encrypting, files will only be encrypted and cannot be signed.