PGP File Encryption
PGP combines some of the best features of modern cryptography, including compression, digital signatures and public key encryption.
Although Equifax Data Gateway Services (DGS) only utilizes encrypted protocols for its batch file transfers (Connect Direct, HTTPS, SFTP), PGP encrypting your data files prior to transfer adds an additional layer of data protection.
Files Batch File Transfers via Equifax DGS
Equifax security mandates that all batch file transfers with external clients/vendors must be PGP encrypted with a PGP key that meets the below requirements.
- REQUIRED - PGP key length is 2048+ bits.
- REQUIRED - PGP key is created in RSA format.
- REQUIRED - Public PGP key block contain separate Encrypt and Sign sub keys.
- REQUIRED - PGP key contains a future expiration date.
- REQUIRED - Features list includes MDC
- REQUIRED - Cipher list includes AES256
- PREFERRED - AEAD feature is removed
Asymmetric PGP Encryption
Equifax requires all PGP operations to utilize asymmetric encryption. This method of encryption requires a public/private PGP key pair.
- Public key is used to encrypt data files.
- Private key is used to decrypt data files.
PGP Encryption Process (High Level)
The following high level steps are necessary to use PGP to encrypt files before sending to Equifax:
- Obtain and install PGP software (see https://www.openpgp.org or https://www.gnupg.org for more information on compatible software products)
- The below tutorials provide step by step guidance on how clients can implement Equifax PGP standards using OpenPGP.
- Equifax DGS PGP Tutorial- Command Line - Walkthrough uses command line as the interface for OpenPGP.
- Equifax DGS PGP Tutorial- Kleopatra - Walkthrough uses Kleopatra, a user friendly interface for OpenPGP.
- IMPORTANT NOTE: Equifax does not recommend any specific File Encryption Software. We do suggest, however, that its Trading Partners that are unfamiliar with PGP encryption choose a software package that has its own help desk that provides support for any technical issues.
- The below tutorials provide step by step guidance on how clients can implement Equifax PGP standards using OpenPGP.
- Download the Equifax DGS public keys from the links provided below.
- Import each public key into your key ring and configure as follows:
- Encrypting files sent to Equifax DGS using AES 256 encryption cipher algorithm.
- Certify as the signing key for encrypted files received from Equifax DGS.
General Guidelines
- Compression is built into the encryption, so it is not necessary to zip your data files before or after encryption.
- Issued keys will expire every 2 years.
Download Public Key - Certify and Encrypt (New Version, 4096 bit)
4096_bit_EFX_MFT_UAT_Public_PGP_0xC81A11BF702616A6_Exp_12/15/2027_Certify_Encrypt - Expires Wednesday, 12/15/2027, 11:59 PM ET
Sha256 Key Hash: 41fd982580d19e4f9595471d003ccd53f40934902025f7f020a796592faa88d2
4096_bit_EFX_MFT_PRD_Public_PGP_0x582541903D7FB42B_Exp_12/15/2027_Certify_Encrypt - Expires Wednesday, 12/15/2027, 11:59 PM ET
Sha256 Key Hash: 9fdb717db8a1c1cfc719b67c9cb8cda0cf4300921ffa217858fe9c604e972674
Download Public Key - Signing (New Version, 4096 bit)
4096_bit_EFX_MFT_UAT_Public_PGP_0xC81A11BF702616A6_Exp_12152027_Signing - Expires Wednesday, 12/15/2027, 11:59 PM ET
Sha256 Key Hash: ccd3347f577d934c5ef45fa32750bd7fac0d0a3b6afcbe305e7789711617142c
4096_bit_EFX_MFT_PRD_Public_PGP_0x582541903D7FB42B_Exp_12/15/2027_Signing - Expires Wednesday, 12/15/2027, 11:59 PM ET
Sha256 Key Hash: 940a90fe555178d46a3d5a0eb15be0c88a3dbc23747b34ce42126ecb010f2f86
Related Links