PGP keys
PGP keys are essential for encoding and decoding files.
PGP keys are used to cryptographically encode and decode files and make them unintelligible except to the party that possesses the correct key. There are always two associated PGP keys: a public key to encode files and the matching private key to decode the files.
To encrypt files sent to Experience Cloud, the sending system uses one of the Medallia public PGP keys. Once the file is received, the importer automatically decrypts the file with the appropriate private key (maintained internally).
Importing and exporting files
For secure file transfers, companies should use PGP keys. Identify the correct key for the situation and share it with the IT administrator responsible for the file transfer setup. The administrator uses this key to configure the company's encryption system. The importer automatically detects and decrypts PGP encoded files, provided the filename ends with .asc, .pgp or .gpg, or if the file appears to be PGP encrypted.
Basically, PGP decryption of a feed file occurs based on 3 criteria:
- The filename ends in .pgp.
- The filename ends in .gpg.
- The first line of the file starts with -----BEGIN PGP MESSAGE-----, regardless of filename.
If the system is unable to decrypt the file, the problem is often mismatched PGP keys. See Troubleshooting PGP issues for help identifying the mismatch.
Companies wanting to receive encrypted exports need to provide their public key. Medallia expects keys to follow the OpenPGP Binary format (file extensions: .asc, .pgp, and .gpg).
Sharing a public key
Prioritize security when distributing public keys. While email transmission is not inherently secure — since it is subject to potential interception and key substitution — it is generally considered acceptable for non-sensitive exchanges. For heightened security, parties should opt for a mutually agreed upon secure method of key exchange.
To send a public key, open or display the file (it is plain text) and copy the entire text block. For PGP keys include the BEGIN and END lines (see Medallia public PGP keys for examples).
To verify receipt, each party should compare the file's hash value. For example, when a company receives a Medallia PGP public key, they should use a hash generator to create a hash value of the file they received. Then the sender and recipient can read the hash to each other (on a phone call or messaging system) to verify it is the same. The keys listed in Medallia public PGP keys include the MD5 and SHA-256 hash values.
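The hash comparison described above, as an added Python example that is not part of Medallia's tooling: it hashes a received key file, compares the result with the published MD5 or SHA-256 value, and separately reports the case where only the line endings differ, which happens when a key is pasted as text instead of being transferred as a file. The function names, status strings and sample key text are assumptions made for this example.

```python
import hashlib
import hmac
import re
import sys

# Constructed sample text in the shape of an armored key (not a real key).
SAMPLE_KEY = (
    b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    b"\n"
    b"Y29uc3RydWN0ZWQgc2FtcGxlLCBub3QgYSByZWFsIGtleQ==\n"
    b"-----END PGP PUBLIC KEY BLOCK-----\n"
)

# Digest length in hex characters -> algorithm. Prefer SHA-256 when both
# values are published: MD5 is not collision-resistant.
ALGO_BY_LENGTH = {32: "md5", 64: "sha256"}


def normalize_hash(text):
    """Drop spaces, colons and dashes and lowercase the digest."""
    cleaned = re.sub(r"[\s:-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("hash contains non-hexadecimal characters")
    return cleaned


def check_key(data, published_hash):
    """Return 'match', 'line-endings-differ' or 'mismatch' for the key bytes."""
    expected = normalize_hash(published_hash)
    algo = ALGO_BY_LENGTH.get(len(expected))
    if algo is None:
        raise ValueError("expected a 32-character MD5 or 64-character SHA-256 value")

    def matches(blob):
        return hmac.compare_digest(hashlib.new(algo, blob).hexdigest(), expected)

    if matches(data):
        return "match"
    # Pasting the key as text can rewrite line endings, which changes the hash
    # even though the key text is the same. Report that case separately.
    lf = data.replace(b"\r\n", b"\n")
    crlf = lf.replace(b"\n", b"\r\n")
    if any(v != data and matches(v) for v in (lf, crlf)):
        return "line-endings-differ"
    return "mismatch"


if __name__ == "__main__":
    # Usage: python check_key.py <key-file> <published-hash>
    with open(sys.argv[1], "rb") as fh:
        print(check_key(fh.read(), sys.argv[2]))
```

A "line-endings-differ" result means the key should be transferred again as a file and re-hashed before it is trusted; "mismatch" means the received file is not the one the sender hashed.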