If you require additional security for your FTP data you can work with IBM? to change or set up your account to use Pretty Good Privacy (PGP) over FTP. The PGP feature is set up at the directory level.

PGP uses both public-key and private-key cryptography and includes a system that connects the public key to a user's identity. The message recipient must have previously generated a linked-key pair which includes a public key and a private key.

The sender uses the recipient's public key to encrypt a session key which is then used to encrypt the text of the message. The message recipient decrypts the message using the session key which was included in the message in encrypted form and is decrypted using the recipient's private key.

A similar strategy is used to detect whether a message has been altered since it was completed and whether it was sent by the company claiming to be the sender. The sender uses PGP to add to the message a signature that is created using the sender's private key.

Sterling File Transfer Service performs the following actions:

• Performs PGP decryption and encryption as messages come into and out of Sterling File Transfer Service.
• Verifies and generates digital signatures on inbound and outbound PGP messages.
• Holds the private PGP keys of customers so that it can send and receive encrypted messages on behalf of those customers. This allows Sterling File Transfer Service to decrypt and process incoming messages that have been encrypted with the public key as well as sign outgoing messages so they appear to come from the customer.