PGP Template Management

Control-M MFT transfers can integrate with your PGP application, which enables you to encrypt or decrypt files on a local computer before or after a transfer.

  • To enable PGP integration into Control-M MFT, you must have a PGP application, which supports batch command line operations, installed on the local computer.

  • To execute PGP commands, at least one of the endpoints in the job definition must be a File System connection profile.

  • (Windows only)The user defined in the File System connection profile must have Log on as a batch job policy in the Local Security Policy window.

To create a PGP template, see Creating a PGP Template

Creating a PGP Template

This procedure describes how to create a PGP template, which can be used to define PGP commands in the properties pane.

BMC recommends that you use one of the pre-defined GnuPG or PGP templates supplied by Control-M MFT, which define the command line parameters for these PGP applications.


  1. From the icon, select Configuration.

  2. From the drop-down list, select Plug-ins.

    The Plug-ins tab appears.

  3. Select the File Transfer plug-in.

  4. From the Configuration drop-down list, select PGP templates management.

    The PGP templates management pane appears.

  5. Click .

    The PGP template details pane appears.

  6. For each field, type the required value, as described in PGP Template Parameters.

  7. Click OK.

    The PGP template appears in the PGP templates management pane.

PGP Template Parameters

The following table lists the PGP template parameters.



Template Name

Defines the name of the PGP template (30 characters maximum length).

PGP Executable Full Path

Defines the location and name of the executable file for the PGP application

Exit Code

Defines the code of a successful PGP operation


Determines the name of the recipient that is defined in the encrypt command


Defines the passphrase that is used to decrypt the file

Encryption/Decryption Parameters

Defines the PGP command line parameters for encryption or decryption.

The following variables can be used:

$$PGP_PASSPHRASE$$: Determines the passphrase that is defined in the Passphrase field. This provides additional security as you do not have to write the passphrase in the PGP command.

$$PGP_RECIPIENT$$: Determines the recipient name that is defined the Recipient field.

$$PGP_INPUT_FILE$$: Determines the name of the file to encrypt/decrypt

$$PGP_OUTPUT_FILE$$: Determines the name and the location of the encrypted/decrypted file. You need to use this variable with the output option of your PGP application.

You must use both $$PGP_INPUT_FILE$$ and $$PGP_OUTPUT_FILE$$ when defining a PGP template, otherwise Control-M MFT fails to complete the PGP operation.

There are 2 predefined read-only templates, GnuPG_TEMPLATE and PGP_TEMPLATE, for the GnuPG and PGP utilities respectively. You can duplicate a template and modify it according to your needs.


Decrypt GnuPG: -d --batch --passphrase $$PGP_PASSPHRASE$$ -o $$PGP_OUTPUT_FILE$$ $$PGP_INPUT_FILE$$