Pretty Good Privacy (PGP) is encryption software that provides cryptographic privacy and authentication of data. The holder of a private key can encrypt, sign, or both encrypt and sign data. Whomever has the public key can decrypt and verify the data. To ensure the privacy and integrity of student data sent to National Student Clearinghouse (NSC), we will encrypt and sign the data sent to NSC using HVCC’s private key. NSC will decrypt and verify the data once received. Likewise, the data NSC sends to HVCC will be encrypted with NSC’s private key. HVCC would then decrypt that data using NSC’s public key available here:
http://www.studentclearinghouse.org/pgp/ClearinghousePublicKeyRSA.asc
PGP Software
Encrypting the Data
To encrypt the data, we will be using a PGP program called Gpg4win. The download is available here:
https://www.gpg4win.de/index.html
Once installed, encrypting and signing a file can be done by right-clicking on the file and selecting Sign and encrypt:
In the window that opens, we will select the key used to sign and encrypt the file:
A new file has been created with a .gpg extension:
Decrypting and Verifying the Data
To decrypt and verify the data, right-click the encrypted file and select Decrypt and verify:
The window that opens runs through the decryption and verification process then allows you to select the location to save the decrypted file to:
For data encrypted by NSC, we would use their public key to decrypt and verify the data.