PGP SFTP Encryption Configuration

Last updated: March 11, 2026

Overview

PGP + SFTP is an optional secure file transfer method used to deliver sensitive data to financial institutions (FIs).

Files are encrypted using your institution’s public PGP key before being uploaded to your SFTP server. Only your institution can decrypt the file using your private key.

This process ensures:

  • End-to-end encryption of sensitive data

  • Secure delivery through a dedicated SFTP server

  • Compliance with standard financial industry security practices

For financial institutions, this setup reduces risk exposure and ensures sensitive files are transmitted and stored securely.

How PGP + SFTP Works

The secure file delivery process follows this structure:

Financial Institution (FI):

  • Generates a PGP key pair

  • Shares the public key

  • Provides SFTP server details

Glide:

  • Encrypts files using the FI’s public key

  • Uploads encrypted files to the FI’s SFTP server

Financial Institution:

  • Downloads encrypted files from SFTP

  • Decrypts them locally using the private key

FI Setup Requirements

To receive encrypted files, your FI must complete the following steps:

1. Generate a PGP Key Pair

  • Create a public/private PGP key pair (using GnuPG or your preferred encryption tool).

  • Keep the private key secure within your organization.

  • Export your public key for sharing.

Important: The private key should never be shared externally.

2. Share Your Public Key

  • Provide the ASCII-armored public key file (.asc) via a secure channel.

  • Only the public key should be shared.

This key will be used to encrypt all outbound files before upload.

3. Provide SFTP Server Details

Share the following SFTP configuration information:

  • Hostname

  • Port

  • Username

  • Authentication method (SSH key preferred; password if required)

Your SFTP server should allow secure file uploads.

4. Confirm Destination Folder

  • Provide the remote directory/path where encrypted files should be uploaded.

  • Confirm any file naming conventions (if applicable).

5. Set Up Decryption Process

Once files are uploaded:

  • Download encrypted files (.pgp) from your SFTP server.

  • Decrypt them locally using your private key.

Decryption can be completed:

  • Manually

  • Via automated script or scheduled job

Testing the Setup

Before going live, a test file will be sent.

Your FI should confirm:

  • Successful SFTP connection

  • File appears in the expected directory

  • File decrypts successfully using your private key

  • File contents can be opened and validated

Once testing is complete, production file delivery can begin.

Frequently Asked Questions

Does Glide ever receive our private key?

No. The private key remains with your institution at all times.

Are files encrypted in transit?

Yes. Files are encrypted before upload (PGP) and transmitted securely via SFTP.

What happens if we lose our private key?

You would need to generate a new key pair and provide the updated public key. Previously encrypted files cannot be decrypted without the original private key.