Troubleshooting GPG

---

When a GPG key for your account is about to expire, you will receive an automated email notification from Files.com titled Failures/Events that may need your attention.

When a key that is used for auto-encryption or auto-decryption has expired, uploads to the affected folders will be disabled until the key is replaced.

To resolve an expired GPG key issue in Files.com, use the appropriate GPG/PGP utility to update the expiration date for your key. Export the updated key. Disable the auto-encryption/decryption setting that is using the expired key. Re-enable Encryption or Decryption using your updated key.

Files encrypted by PGP or GPG should include a Modification Detection Code (MDC) which is used to confirm the integrity of the file.

In current and modern versions of PGP and GPG (version 7 onwards), the MDC is included by default. Older versions (version 6 and earlier) did not include the MDC by default, but allowed it to be optionally added.

If you receive a PGP or GPG encrypted file that does not include the MDC then you will see the following error message in the logs and site alert emails:

File is gpg encrypted but is missing modification detection code (MDC): path/to/folder/encrypted_file.txt.pgp

This error means that the integrity of the file cannot be confirmed, and should be a cause for concern if data security is important to you.

If you are willing to accept receiving GPG files which cannot have their integrity checked, then you can enable the Ignore MDC integrity check option for file decryption to bypass this check.

You can also contact your counterparty and ask them to include the MDC, if possible, when encrypting files. If your counterparty is using GPG to encrypt the file then they should use version 7 or later, which includes the MDC by default, or use the --force-mdc flag with older GPG versions to enforce the inclusion of the MDC.

Currently, files with a size greater than 1GB are not supported for either encryption or decryption. Make sure that files are smaller in size than 1GB prior to encryption or decryption.

Currently, signed files are not supported. For encryption, GPG Signing cannot be applied. For decryption, GPG files that are encrypted and signed will be decrypted but without any signature verification.

If a file is only partially uploaded, so that an incomplete file has been delivered, then decryption of that file will fail. Make sure that your counterparties upload files completely.

Errors encountered while attempting to encrypt or decrypt files will be logged in the Site Alert Emails, which are sent to site administrators that have opted-in to receiving these alerts.