I'm assuming that you are trying to do this with another organization, or company such as a bank or information sharing partner, and not just the random public. If that's the case, then actually, I believe there is a way to do this using Symantec File Share files (PGP Netshare), if you:
1. Both you and the sender have Symantec Encryption Desktop with File Share Encryption (PGP Netshare) licenses
2. You use Symantec File Share group keys (SKM)
3. You have a managed key environment (Symantec Universal Server). This may be possible with an unmanaged environment, but then keys are stored locally and this is probably not secure for group keys. Also, this bypasses the user's private keys and provides the extra security of having the private keys stored only on the management server.
Note this doesn't work for standard PGP files, only PGP encrypted Symantec File Share files. They are different formats, but both use PGP encryption. If you want to do this with the general public or organizations not using Symantec Encryption Desktop with Symantec File Share, then your only option is to script it and store the passphrase somewhere/somehow securely using PGP Command Line, or another product. Symantec Encryption Desktop doesn't seem to allow a way to do this in an automated fashion.
If what I described above is what you want to do though, here's how:
Sender of file (bank or other company):
- Purchase Symantec Encryption Desktop (SED) with a Symantec File Share license.
- Import the public key provided by the recipient and use pgpnetshare.exe or a Symantec File Share with the Recipient’s public key specified as the encryption key for the share to encrypt the file to the recipient.
- Encrypt the file to the recipient's key in a Symantec File Share format. Command line is simply: `pgpnetshare.exe -e -r "recipient keyid" -s "your keyid" --passphrase "passphrase"`
- Send the Symantec File Share encrypted file to the recipient. Remember to blacklist SFTP from automatically decrypting files in the Symantec File Share policy settings, so the file remains encrypted when the SFTP application sends it.
Receiving side (you, and secure if using a management server to manage the group keys):
- Purchase Symantec Encryption Desktop with a Symantec File Share license.
- Set up a group and group key (SKM) on the management server
- Export and provide the PUBLIC key to the sender of the information.
- Add users that you want to be able to decrypt files received to the group.
- When receiving the Symantec File Share encrypted file from the sender, it will be a Symantec File Share encrypted file to your group key. It can be opened by any application running as a user account (service account, or other) that is managed by the Symantec Universal Server and that is in the group for that group key.
Additional benefits:
- No need to cache/hardcode a passphrase or keyid. Since keys and access are managed by the server, there is no passphrase required and the client machine never has the key stored on it. Even if compromised, the intruder doesn’t get the private key for later use.
- Ease of management. Add/remove users/accounts access privileges without needing to recode anything. Change keys and provide the new public key to the sender without needing to update code to decrypt that is based on a hard coded key or passphrase!
- No additional coding required to work with your existing applications. Applications will work seamlessly to decrypt files when SED is installed and running as an authorized user of the group. No additional coding required to decrypt the file and send the file data to an application.
- Files remain encrypted, there is no intermediary step required to decrypt the file.
- Have scheduled tasks and automated processes that can now automatically and seamlessly decrypt files without needing to do anything special! Just have the SED client installed and configured to run for the account that runs the scheduled task/automated process. Note, this may require that the account have an active session on the machine to automatically decrypt files as a scheduled task.
I'm not sure about standalone clients as the group private keys would probably reside on the client machine... so I wouldn't recommend that, but maybe someone who uses an unmanaged environment can tweak this for that situation.
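The sender side of the procedure above still has to supply the signing key's passphrase on the pgpnetshare.exe command line, which is exactly the "store the passphrase somewhere/somehow securely" problem the answer mentions for scripted setups. The following PowerShell script is an added example, not code from the original answer or from Symantec: it keeps the passphrase out of the script and out of the scheduled task definition by storing it as a DPAPI-protected SecureString that only the running Windows account on that machine can decrypt, then invokes pgpnetshare.exe with the flags quoted in the answer. Assumptions: pgpnetshare.exe is on the PATH, the input file path is passed as the final argument (the answer's command line does not show where the file goes), and the key IDs and passphrase file path are placeholders.

```powershell
# Added example (not from the original answer or from Symantec).
# Assumed: pgpnetshare.exe on PATH; the input file is the final argument;
# key IDs and the passphrase file path below are placeholders.

$PassphraseFile = 'C:\ProgramData\pgp\sender-passphrase.xml'   # placeholder path
$RecipientKeyId = '0xRECIPIENTKEYID'                            # placeholder key id
$SenderKeyId    = '0xSENDERKEYID'                               # placeholder key id

# One-time setup. Run this interactively as the SAME Windows account that will run
# the scheduled task: Export-Clixml protects a SecureString with DPAPI, so the blob
# can only be read back by that account on that machine.
function Initialize-Passphrase {
    param([string]$Path = $PassphraseFile)
    $secure = Read-Host -Prompt 'Signing key passphrase' -AsSecureString
    $secure | Export-Clixml -Path $Path
    # Drop inherited ACLs and leave read access to the owning account only.
    icacls $Path /inheritance:r /grant:r "$($env:USERNAME):(R)" | Out-Null
}

# Encrypt one file to the recipient's key, signing with our key, without the
# passphrase ever appearing in the script or the task definition.
function Protect-FileForRecipient {
    param([Parameter(Mandatory)][string]$InputFile)

    if (-not (Test-Path -LiteralPath $InputFile)) {
        throw "Input file not found: $InputFile"
    }
    if (-not (Test-Path -LiteralPath $PassphraseFile)) {
        throw "Passphrase store missing; run Initialize-Passphrase as this account first"
    }

    $secure = Import-Clixml -Path $PassphraseFile
    $bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
    try {
        $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        & pgpnetshare.exe -e -r $RecipientKeyId -s $SenderKeyId --passphrase $plain $InputFile
        if ($LASTEXITCODE -ne 0) {
            throw "pgpnetshare.exe failed with exit code $LASTEXITCODE for $InputFile"
        }
    }
    finally {
        # Wipe the unmanaged copy of the passphrase as soon as the tool returns.
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
        $plain = $null
    }
}

# Usage from a scheduled task running as the same account:
#   powershell.exe -File .\Protect-File.ps1 ; Protect-FileForRecipient -InputFile 'C:\outbound\report.csv'
```

Two caveats worth knowing before relying on this. First, DPAPI binds the blob to the account and machine, so a task that runs under a different service account, or after a machine rebuild, has to run Initialize-Passphrase again. Second, the passphrase is still handed to pgpnetshare.exe as a command-line argument, so anyone who can read that process's command line on the host (local administrators, process auditing) can see it for the lifetime of the process; this is a reason to prefer the managed group key approach the answer describes, where no passphrase is needed at all.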