If you require additional security foryour FTP data you can work with IBM? to change or setup your account to use Pretty Good Privacy (PGP) over FTP. The PGPfeature is set up at the directory level.

PGP uses both public-key and private-key cryptography and includesa system that connects the public key to a user's identity. The messagerecipient must have previously generated a linked-key pair whichincludes a public key and a private key.

The sender uses the recipient's public key to encrypt a sessionkey which is then used to encrypt the text of the message. The messagerecipient decrypts the message using the session key which was includedin the message in encrypted form and is decrypted using the recipient'sprivate key.

A similar strategy is used to detect whether a message has beenaltered since it was completed and whether it was sent by the companyclaiming to be the sender. The sender uses PGP to add to the messagea signature that is created using the sender's private key.

Sterling File Transfer Service performsthe following actions:

• Performs PGP decryption and encryption as messages come into andout of Sterling File Transfer Service.
• Verifies and generates digital signatures on inbound and outboundPGP messages.

Holds the private PGP keys of customers so that it can send andreceive encrypted messages on behalf of those customers. This allows Sterling File Transfer Service todecrypt and process incoming messages that have been encrypted withthe public key as well as sign outgoing messages so they appear tocome from the customer.