You can use Pretty Good Privacy (PGP) decryption with the files that Transfer Family processes with workflows. To use decryption in a workflow step, provide a PGP key.
The AWS storage blog has a post that describes how to simply decrypt files without writing any code using Transfer Family Managed workflows,
Encrypt and decrypt files with PGP and AWS Transfer Family
The operator that you use to generate your PGP keys depends on your operating system and the version of the key-generation software that you're using.
If you're using Linux or Unix, use your package installer to install
gpg. Depending on your Linux distribution, one of the following
commands should work for you.
sudo yum install gnupgsudo apt-get install gnupgFor Windows or macOS, you can download what you need from https://gnupg.org/download/
After you install your PGP key generator software, you run the gpg
--full-gen-key or gpg --gen-key command to generate a
key pair.
Note
If you're using GnuPG version 2.3.0 or newer, you
must run gpg --full-gen-key. When prompted for the type of key
to create, choose RSA or ECC. However, if you choose ECC, make sure to choose either
NIST or BrainPool for the elliptic curve.
Do not choose Curve 25519.
Algorithms supported for PGP key-pairs
We support the following algorithms for PGP key pairs:
-
RSA
-
Elgamal
-
ECC:
-
NIST
-
BrainPool
-
Note
We don't support cCurve25519 keys.
Useful gpg subcommands
The following are some useful subcommands for
gpg:
-
gpg --help– This command lists the available options and might include some examples. -
gpg --list-keys– This command lists the details for all the key pairs that you have created. -
gpg --fingerprint– This command lists the details for all your key pairs, including each key's fingerprint. -
gpg --export -a– This command exports the public key portion of the key for theuser-nameuser-name
