GPG Encryption

Your files are secure by default on the Files.com platform. We use the latest and greatest encryption technologies to protect your files both in transit and at rest, but sometimes compliance or other security conditions require that you do more. For example: when a logged in user downloads a file, that file is decrypted and readable. What if one of your users is the victim of an email hack or other social hack, and their login credentials are leaked? What if one of your users walks away from their desk while logged in, and the wrong person walks by? Even though your files are secure on our platform, they can still fall into the wrong hands if one of your users is compromised.

That is why we offer the option of automatic GPG encryption at the folder level. This feature offers an extra level of security for your files.

What is GPG?

GPG stands for GNU Privacy Guard, which is an independent implemention of PGP. PGP, or Pretty Good Privacy, was originally developed as freeware copyrighted under the Gnu public license to provide the ability to securely share and transfer information with strong encryption. PGP was later turned into a proprietory program. GPG is a publicly licensed project of the OpenGPG Alliance, and is used interchangably with PGP.

How GPG Encryption works

Unlike the strong at-rest encryption that Files.com already applies by default, GPG encryption is a separate encryption process applied using a public GPG key that you provide when enabling GPG encryption for a folder.

Once files are encrypted with your public key upon upload, they can only be decrypted using the corresponding private key - a key that only you control. This renders your files unreadable by anyone - even Files.com - without the corresponding private key needed to decrypt the files.

Enabling GPG Encryption

Files.com site adminstrators enable GPG encryption on a per-folder basis.

Enabling GPG encryption for a particular folder also means that files uploaded to any subfolders within that folder will be automatically encrypted unless you explicitly disable the folder setting on a subfolder.

To enable GPG encryption, you will first need to generate a GPG/PGP key pair. For detailed instructions, please see our tutorial on generating GPG keys. Note that you may use a different public key for each folder you enable encryption for if you wish.

Once you have generated your GPG keys, log into the web interface as an administrator, and follow these steps:

  1. Navigate to the folder where you would like to enable GPG encryption, and click on the gear icon in the upper right to open the folder settings.

  2. Click on the GPG encryption setting and toggle the radio button that says Yes, use GPG encryption on all files in this folder and its sub-folders.

  3. In the Suffix field, enter a filename suffix to be appended to your uploaded files after they are encrypted. Something like .gpg makes sense for this field, but you can use any suffix that works for your use case.

  4. Paste the entire public key block into the Public key field, being careful not to alter or omit any of the text string.

  5. Click the Save GPG encryption button to apply the setting.

The GPG encryption feature will now indicate On, and your folder settings summary box will add a shield icon and say Auto-encrypted

Every file uploaded to this folder or its subfolders will now be encrypted using the public key you supplied.

Note: When enabling GPG encryption on a folder, files that were uploaded to the folder prior to enabling the setting will not be automatically encrypted. You can delete and re-upload any such files to have GPG encryption applied.