Using the PGP Task

The PGP Encryption Task is an SSIS control flow task that can be used to perform encryption actions on a file.

The task includes the following two pages to configure what action to take.

  • General
  • Error Handling

General Page

The General page of the PGP Task Editor allows you to specify the general settings of the component.

SSIS PGP Task Editor


The PGP Task can take one of six actions:

  • Encrypt: Encrypt a file using a public key. It can be decrypted using a corresponding private key.
  • Encrypt And Sign(since v21.1): The output file contains the encrypted data and signature.
  • Decrypt: Decrypt an encrypted file using a private key.
  • Create Signature: Create a signature file from a source file and a private key that can be used to verify that the file has not changed.
  • Verify Signature: Verify that a source file has not changed using a signature file and a public key.
  • Verify Encrypted And Signed File(since v21.1): Verify that a source file that contains encrypted data and signature has not changed with a private key.
Source File Settings
Source File Path

The Source File Path is the file that you want to take action on. For the Encrypt, CreateSignature, and VerifySignature actions it will be any type of file. For the Decrypt action, this will need to be an encrypted file.

Signature File Path

The Signature File Path specifies the location of a file signature that will be used to verify the source file. This property is only used for the VerfiySignature action.

Destination File Settings
Destination Path

This is the path for any output file that will be created, the type will depend on the action being taken. For the Encrypt action, this will be an encrypted file. For the decrypt action, this will be the path to the unencrypted file. For the CreateSignature method, this will be a signature file.

Overwrite Existing Items

The Overwrite Existing Items property determines if any output file created should overwrite an existing item in the same location.

Use ASCII Armor

Selecting this option allows you to specify the format of the output encrypted file to be ASCII Armor. When it is unchecked the output file will be in binary.

Key Settings
Public Key Location

The Public Key Location specifies the location of the public key that will be used.

Public Key Id

A public key file can contain multiple keys if it is a key ring. The Public Key Id field allows you to select the specific key to use.

Private Key Location

The Private Key Location specifies the location of the private key that will be used.

Private Key Password

The Private Key Password is used in conjunction with the private key as an extra layer of security.

Generate New Key Pair

SSIS PGP Task Editor

If you do not have an existing public/private key pair, you can generate a new one using the Generate New Key Pair button. This will launch a dialog that will let you specify the public key identifier, public key path, private key path, and private key pass phrase. Keys will immediately be generated at the specified paths using the specified Key Size.

Expression Editor

If you would like to set the paths for some of the above properties from a variable, the Expression Editor button can help you do this. This button will launch the SSIS Property Expressions Editor. Here you can select a property, and set its expression to a variable, or any other type of expression.

Error Handling Page

The Error Handling page provides options for handling errors with the PGP Task.

SSIS PGP Task Editor - Error Handling

Error Handling

The Error Handling option allows you to specify how errors should be handled when they happen. There are three options available:

  1. Fail on error
  2. Write error to variable
  3. Ignore error
Verify Signature

The Verify Signature properties provide options for what to do with signature verification results. The options are to either Raise Error on Verify Failure, or Output Result to a Variable. If the Output Result to Variable option is selected a combo box will allow the selection of a boolean datatype variable.


The Output Detailed Information(since v21.1) checkbox on the Advanced page to enable report encryption/decryption of detailed Information to log during the runtime.