Technical

> Using PGP with SPEEDE

  1. Register with SPEEDE.
  2. Obtain and install a copy of the PGP software.
  3. Generate your public and private keys.
    • Download the SPEEDE Key File Generation Guide (pdf)
    • For command-line PGP, the command is generally pgp -kg.
    • Choose a large key size. Larger keys are more secure.
    • Choose a good pass phrase, using the same criteria you would use for choosing any other password.
  4. Extract your public key and send it to the server.
    • Extract your key with ASCII armor (called “Asciified” in some versions).
    • For command-line PGP, the command is pgp -kxa. PGP will prompt you for your userID and a file to save your key in. Or you can enter pgp -kxa userID filename. The “-a” option means ASCII output.
  5. Before sending your file, check that it contains an ASCII-armored key.
    • Open the file in a text editor like BBEdit, SimpleText, or HomeSite. If the editor can’t open the file, you don’t have an ASCII file.
    • If the file doesn’t begin with “-----BEGIN PGP PUBLIC KEY BLOCK-----” and end with “-----END PGP PUBLIC KEY BLOCK-----”, you don’t have an ASCII-armored file.
  6. Email your key file to the server.
  7. Add SPEEDE’s public key to your public key ring.
    • Please incorporate the Clearinghouse SPEEDE public PGP key into your PGP key ring and use it to encrypt files you send to us and decrypt files you receive from us.
    • Access the Clearinghouse SPEEDE public PGP key.
  8. Encrypt your file with the server’s public key before you send it through the server.
    • For command-line PGP, the command is pgp -seat filename Server’s-userID. The options mean:
      • -s = sign
      • -e = encrypt
      • -a = ASCIIfy the output file
      • -t = use recipient’s textline conventions
    • Whatever PGP version you’re using, use these same options. They may be worded somewhat differently in different versions.
    • If you’ve done everything right, the encrypted file should begin with “-----BEGIN PGP MESSAGE-----” and end with “-----END PGP MESSAGE-----”.
    • The userID on the server’s public key is “SPEEDE-support@studentclearinghouse.org”.
    • Use of the signature option is highly recommended. The signature allows the server to 1) verify that the file has not been altered and 2) authenticate that the file was sent by you and not someone else.
  9. Send the encrypted file to the server in the usual way.
    • Encrypted files can be sent via either FTP or email.
    • Because the server uses some of the header information, the file must be ASCII-armored.
  10. When you receive an encrypted file from the server, decrypt it before processing.
    • For command-line PGP, the command is pgp filename. You can use the option “-o outputfilename” to specify a file name for saving the decrypted file.
  11. Process the file as usual.
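
The checks in steps 5 and 8 can be automated. The following is an added example, not part of the SPEEDE instructions or of the PGP software; it confirms the BEGIN/END lines and, going beyond the visual check above, verifies the armor's CRC-24 checksum as defined in RFC 4880. The function names and the sample data are constructed for illustration.

```python
import base64

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(kind: str, payload: bytes) -> str:
    """Build an armored block; used here only to construct sample input."""
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN PGP {kind}-----", "", *lines,
                      "=" + check, f"-----END PGP {kind}-----", ""])

def check_armor(text: str, kind: str) -> str:
    """Return "ok", or the reason `text` is not an armored block of `kind`."""
    lines = [line.rstrip() for line in text.strip().splitlines()]
    if not lines or lines[0] != f"-----BEGIN PGP {kind}-----":
        return "missing BEGIN line"
    if lines[-1] != f"-----END PGP {kind}-----":
        return "missing END line"
    inner = lines[1:-1]
    if "" not in inner:  # armor headers such as "Version:" end at a blank line
        return "no blank line before body"
    body = inner[inner.index("") + 1:]
    checksum = None
    if body and body[-1].startswith("=") and len(body[-1]) == 5:
        checksum = body.pop()[1:]  # optional "=XXXX" checksum line
    try:
        data = base64.b64decode("".join(body), validate=True)
        expected = base64.b64decode(checksum, validate=True) if checksum else None
    except ValueError:
        return "body or checksum is not base64"
    if expected is not None and expected != crc24(data).to_bytes(3, "big"):
        return "CRC-24 mismatch"
    return "ok"

# Constructed sample input: arbitrary bytes, not a real key or message.
SAMPLE_KEY = armor("PUBLIC KEY BLOCK", bytes(range(90)))
SAMPLE_MSG = armor("MESSAGE", b"A" * 90)
if __name__ == "__main__":
    print(check_armor(SAMPLE_KEY, "PUBLIC KEY BLOCK"), check_armor(SAMPLE_MSG, "MESSAGE"))
```

Pass "PUBLIC KEY BLOCK" for the key file from step 4 and "MESSAGE" for the encrypted file from step 8; files with CRLF line endings are accepted.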

 

> SSH FAQs

> Does the SPEEDE Server offer secure FTP using SSH protocol?

Yes. The SPEEDE Server uses SCP (secure copy protocol) to send documents securely through encrypted channels. The SPEEDE Server also allows registered users to send files to it via secure FTP using a subsystem of the SSH protocol (hereafter referred to as “SFTP”).

> What do I need to do to have the SPEEDE Server send files to me via SFTP?

The SPEEDE Server administrators need to connect to your server to complete an initial “handshake,” which involves uploading our public key to your server. Basically, you need to have an SSH server with the SFTP subsystem configured. You also need to send us a user name and password, along with the server’s host name or IP address. We will then upload our public key and confirm that we can connect to your server securely using public key authentication. Once this is confirmed, SPEEDE is ready to send electronic documents to you via SCP.

> Can the SPEEDE Server send via SFTP without public key authentication?

No, the SPEEDE Server needs to use public key authentication when sending documents. Using a password is an interactive step (waiting for a prompt on the screen), whereas the SPEEDE Server sends via SFTP in batch format.

> What do I need to do to send to the SPEEDE Server via SFTP?

First, you must establish an FTP account with the SPEEDE Server, which you can request when you register for SPEEDE. Please inform us at SPEEDE-support@studentclearinghouse.org that you are going to send files via SFTP so we can change your regular FTP account to an SFTP account. You can choose whether to connect to the SPEEDE Server using a password or public key authentication. If you choose public key authentication, we will need your public key installed in your SFTP directory on the SPEEDE Server.

> I am using OpenSSH. Is that compatible with the SSH program the SPEEDE server uses?

Yes, the two systems are compatible. It requires only a conversion of our public key from SSH.com’s format to the OpenSSH format on your SFTP server.
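
The conversion described above, as an added example (not SPEEDE's or OpenSSH's own code), assuming the SSH.com-format key is an RFC 4716 “SSH2 PUBLIC KEY” file; in OpenSSH, `ssh-keygen -i -f keyfile` performs the same import. The function names are hypothetical, the sample key is constructed (all-zero key bytes), and the fingerprint helper is an added check that the key blob is unchanged by the conversion.

```python
import base64
import hashlib
import struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def rfc4716_to_openssh(text: str) -> str:
    """Convert an RFC 4716 public key file to a one-line OpenSSH public key."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key file")
    headers, body = {}, []
    rows = iter(lines[1:-1])
    for line in rows:
        if ":" not in line:                # base64 never contains ':'
            body.append(line)
            continue
        while line.endswith("\\"):         # trailing backslash continues a header
            line = line[:-1] + next(rows, "")
        tag, value = line.split(":", 1)
        headers[tag.lower()] = value.strip().strip('"')
    blob = base64.b64decode("".join(body), validate=True)
    # The key blob starts with a length-prefixed algorithm name, e.g. "ssh-rsa".
    (name_len,) = struct.unpack(">I", blob[:4])
    key_type = blob[4:4 + name_len].decode("ascii")
    fields = [key_type, base64.b64encode(blob).decode()]
    if headers.get("comment"):
        fields.append(headers["comment"])
    return " ".join(fields)

def fingerprint(openssh_line: str) -> str:
    """SHA256 fingerprint of the key blob, in the form OpenSSH prints it."""
    digest = hashlib.sha256(base64.b64decode(openssh_line.split()[1])).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed sample: an ssh-ed25519 blob with all-zero key bytes, not a real key.
SAMPLE_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
SAMPLE_FILE = "\n".join([BEGIN, 'Comment: "constructed-\\', 'example-key"',
                         base64.b64encode(SAMPLE_BLOB).decode(), END, ""])

if __name__ == "__main__":
    converted = rfc4716_to_openssh(SAMPLE_FILE)
    print(converted)
    print(fingerprint(converted))
```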

> Where do I get SSH and how do I install it?

Please see SSH.com’s product documentation page and OpenSSH.