PGP (Pretty Good Privacy) encryption ensures secure data transfer between systems. Today, Zeotap CDP uses PGP encryption and decryption to protect batch file-based data during transfer. You can generate PGP-encrypted files using a public key provided by Zeotap CDP. When these files are transferred to Zeotap CDP, they are decrypted before being queued for ingestion. This process maintains data security during transfer.
PGP Protocol Version
Zeotap CDP follows RFC 4880 (OpenPGP Message Format) for PGP encryption. Both Zeotap CDP and the client must adhere to this standard for integration. RFC 4880 is used because RFC 9580 has limited adoption and is not widely supported.
Key Generation and Source Setup
Zeotap CDP generates a pair of asymmetric (public-private) keys for each account. During the source setup process, you can specify which data should be encrypted using PGP. This allows you to enable encryption only for the required and supported source platforms.
- Key Generation - Zeotap CDP’s control plane generates a public and private key pair for your account using an in-house key generator. Below is an example PGP key.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG v1.68

=2iES
-----END PGP PUBLIC KEY BLOCK-----
- Source Setup - During source setup, if you select the PGP encryption option, then you can download the public key from the source Implementation Details tab or the admin portal.
Data Encryption and Ingestion
- Encrypting Data - Use the public key provided by Zeotap CDP to encrypt files before placing them in the designated storage bucket (for example, GCS or SFTP).
- File Drop - When the encrypted file is placed in the bucket, a cloud function triggers the decryption process. The private key is used to decrypt the file, and the decrypted data is moved to a raw data bucket for ingestion. Zeotap CDP manages the file drop for pull-based sources (for example, BigQuery, SFTP pull) by automatically placing the file in the appropriate bucket.
Important Considerations
- PGP Clients - Use PGP clients that follow the OpenPGP standard (RFC 4880).
- Session Keys - Ensure your PGP clients have session keys enabled by default for enhanced security.
- Key Management - Maintain proper key management processes for encryption and decryption.
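A pre-upload check for the RFC 4880 requirement above, as an added example (not Zeotap CDP code): it walks the packet headers of a binary, non-armored encrypted file and reports anything outside RFC 4880, such as the version 6 session-key and version 2 encrypted-data packets introduced by RFC 9580. The function names and the sample bytes are constructed for illustration.

```python
PKESK, SEIPD, AEAD = 1, 18, 20   # packet tags; 20 is not defined by RFC 4880

def packets(data):
    """Yield (tag, first body octet) for each top-level OpenPGP packet."""
    i = 0
    while i < len(data):
        hdr = data[i]; i += 1
        if not hdr & 0x80:
            raise ValueError("not a binary OpenPGP packet (still armored?)")
        first = None
        if hdr & 0x40:                          # new-format header
            tag, partial = hdr & 0x3F, True
            while partial:                      # walk partial-length chunks
                o = data[i]; i += 1
                partial = 224 <= o < 255
                if o < 192: n = o
                elif o < 224: n = ((o - 192) << 8) + data[i] + 192; i += 1
                elif o == 255: n = int.from_bytes(data[i:i + 4], "big"); i += 4
                else: n = 1 << (o & 0x1F)
                if first is None and n: first = data[i]
                i += n
        else:                                   # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:                      # indeterminate: runs to EOF
                n = len(data) - i
            else:
                n = int.from_bytes(data[i:i + (1 << ltype)], "big"); i += 1 << ltype
            if n: first = data[i]
            i += n
        yield tag, first

def rfc4880_issues(data):
    """List reasons an encrypted file is not an RFC 4880 style message."""
    seq, issues = list(packets(data)), []
    if not any(tag == PKESK for tag, _ in seq):
        issues.append("no public-key encrypted session key packet (tag 1)")
    for tag, ver in seq:
        if tag == PKESK and ver != 3:
            issues.append(f"PKESK version {ver}; RFC 4880 defines only 3")
        elif tag == SEIPD and ver != 1:
            issues.append(f"SEIPD version {ver}; RFC 4880 defines only 1")
        elif tag == AEAD:
            issues.append("tag 20 AEAD packet; not defined by RFC 4880")
    return issues

# Constructed samples (dummy bodies, not real ciphertext).
OK_MSG = b"\x84\x0c\x03" + bytes(8) + b"\x01\x00\x00" + b"\xd2\x05\x01" + b"\xaa" * 4
V6_MSG = b"\xc1\x03\x06\x00\x00" + b"\xd2\x05\x02" + b"\xaa" * 4
print(rfc4880_issues(OK_MSG), rfc4880_issues(V6_MSG))
```

An empty list means the file starts with a version 3 session-key packet followed by RFC 4880 encrypted data; it does not confirm that the file was encrypted to the correct recipient key.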
Following these steps ensures the secure encryption and transfer of your data to Zeotap CDP, maintaining data integrity and confidentiality.

Last modified on February 26, 2026