I recently had a conversation with one of our customers about the automatic encryption webinar they attended. The webinar demonstrated how companies can implement AES encryption on their AS/400 without making application changes. This customer currently has our managed file transfer solution, FTP Manager with PGP encryption, and was confused as to why they would need AES encryption if they were using PGP. I explained that PGP encryption protects data in motion - when it is transferred outside his company. If he was storing data on his AS/400, he would need AES encryption to protect his data at rest.
AES Encryption
AES encryption is the standard when it comes to encrypting data in a database. Advanced Encryption Standard (AES) has been adopted as a standard by the US government and many state and local agencies. AES is the recommended encryption method for PCI, HIPAA/HITECH, GLBA and individual state privacy regulations. AES encryption uses an encryption key to encrypt the data. Typically, this key is stored on the AS/400 and used when the data needs to be decrypted. To side track here a little, this is not a good idea. Leaving your encrypted data and keys in the same place is like leaving the key to your house under your door mat. If you want to learn more about why this is a bad idea, take a look at this blog article on the topic.
PGP Encryption
PGP encryption is the standard when it comes to encrypting files that need to be transferred. Pretty Good Privacy (PGP) is the standard for encrypted file exchange among the world’s largest financial, medical, industrial, and services companies. Also know that when encrypting a file with PGP, you may be using AES encryption.
AES encryption and PGP encryption solutions work together to ensure that all your sensitive data is secure. AES will protect data at rest within your organization and PGP encryption keeps it secure when it is sent outside your company.
I hope this has been helpful in better understanding the differences and similarities of PGP encryption and AES encryption. Learn more about AES and PGP encryption with the webinar "Automatic Encryption on the IBM i" that spurred this conversation or the whitepaper "AES Encryption and Related Concepts".