Skip to Content

Scripting example - Encrypt file with open PGP

This C# plugin takes encrypts a file with with Open PGP encryption."ascFile" is a string of full path and filename of the ASC File (should be a provided file for encryption).

Use case

This could be used when the business has a file it shares with a third party via MFT/SFTP and requires it to be encrypted for additional security during transmission to secure PII data.

Plugin references

Column Data Type Description
ascFile String full path and filename of the ASC File
InFile String full path and filename of the file to be encrypted
OutFile String full path and filename desired for the encrypted output file (typically {{InFile}}||'.pgp'or {{InFile}}||'.gpg'

Open PGP file encryption script

#r "BouncyCastle.Crypto.dll"
using System;
using System.Text;
using System.Collections;
using System.IO;
using System.Linq;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Asn1.Utilities;
using Org.BouncyCastle.Bcpg;
using Org.BouncyCastle.Bcpg.OpenPgp;
using Org.BouncyCastle.Utilities.Encoders;
// This is the path to the ASC file
string ascFile = @"c:\PGP.asc";
// Script expects 2 cells in the row action
// "InFile" - full path to file to read (unencrypted file)
// "Outfile" - full path to file to write (encrypted file)
string inFile = Row["InFile"].Value.ToString();
string outFile = Row["OutFile"].Value.ToString();
// The following is from Org.BouncyCastle.Bcpg.OpenPgp.Examples.KeyBasedFileProcessor
EncryptFile(outFile,inFile,ascFile,armor: true,withIntegrityCheck: false);
        string GetAlgorithm(
            PublicKeyAlgorithmTag algId)
            switch (algId)
                case PublicKeyAlgorithmTag.RsaGeneral:
                    return "RsaGeneral";
                case PublicKeyAlgorithmTag.RsaEncrypt:
                    return "RsaEncrypt";
                case PublicKeyAlgorithmTag.RsaSign:
                    return "RsaSign";
                case PublicKeyAlgorithmTag.ElGamalEncrypt:
                    return "ElGamalEncrypt";
                case PublicKeyAlgorithmTag.Dsa:
                    return "DSA";
                case PublicKeyAlgorithmTag.ECDH:
                    return "ECDH";
                case PublicKeyAlgorithmTag.ECDsa:
                    return "ECDSA";
                case PublicKeyAlgorithmTag.ElGamalGeneral:
                    return "ElGamalGeneral";
                case PublicKeyAlgorithmTag.DiffieHellman:
                    return "DiffieHellman";
            return "unknown";
void EncryptFile(
            string  outputFileName,
            string  inputFileName,
            string  encKeyFileName,
            bool    armor,
            bool    withIntegrityCheck)
            PgpPublicKey encKey = ReadPublicKey(encKeyFileName);
            using (Stream output = File.Create(outputFileName))
                EncryptFilePGP(output, inputFileName, encKey, armor, withIntegrityCheck);
void EncryptFilePGP(
            Stream          outputStream,
            string          fileName,
            PgpPublicKey    encKey,
            bool            armor,
            bool            withIntegrityCheck)
            if (armor)
                outputStream = new ArmoredOutputStream(outputStream);
                byte[] bytes = CompressFile(fileName, CompressionAlgorithmTag.Zip);
                PgpEncryptedDataGenerator encGen = new PgpEncryptedDataGenerator(
                    SymmetricKeyAlgorithmTag.Cast5, withIntegrityCheck, new SecureRandom());
                Stream cOut = encGen.Open(outputStream, bytes.Length);
                cOut.Write(bytes, 0, bytes.Length);
                if (armor)
            catch (PgpException e)
                Exception underlyingException = e.InnerException;
                if (underlyingException != null)

PgpPublicKey ReadPublicKey(string fileName)
            using (Stream keyIn = File.OpenRead(fileName))
                return ReadPublicKey(keyIn);

PgpPublicKey ReadPublicKey(Stream input)
            PgpPublicKeyRingBundle pgpPub = new PgpPublicKeyRingBundle(
            // we just loop through the collection till we find a key suitable for encryption, in the real
            // world you would probably want to be a bit smarter about this.
            foreach (PgpPublicKeyRing keyRing in pgpPub.GetKeyRings())
                foreach (PgpPublicKey key in keyRing.GetPublicKeys())
                    if (key.IsEncryptionKey)
                        return key;
            throw new ArgumentException("Can't find encryption key in key ring.");
byte[] CompressFile(string fileName, CompressionAlgorithmTag algorithm)
            MemoryStream bOut = new MemoryStream();
            PgpCompressedDataGenerator comData = new PgpCompressedDataGenerator(algorithm);
            PgpUtilities.WriteFileToLiteralData(comData.Open(bOut), PgpLiteralData.Binary,
                new FileInfo(fileName));
            return bOut.ToArray();