HMRC Secure Electronic Transfer (SET) How to use HMRC SET using PGP Desktop Version 2.0
Contents Welcome to HMRC SET 1 HMRC SET overview 2 Encrypt a file to send to HMRC 3 Upload files to the Government Gateway 6 E-mail notifications (File uploaded) 9 Download files from the Government Gateway 9 Decrypt downloaded files 13 Confirm decrypted files 17 Troubleshooting Unable to encrypt 18 Troubleshooting Unable to log onto Government Gateway 19 Troubleshooting Unable to decrypt 21 Troubleshooting E-mail notifications 21 Glossary 22
Welcome to HMRC SET What is HMRC SET? HMRC provide the Secure Electronic Transfer (SET) service hosted by the Government Gateway website and enables organisations to transact data with HMRC securely over the Internet by utilising a combination of encryption keys and digital certificates. Contact the HMRC SET Customer Management Team to discuss the types of data that can be transferred using HMRC SET. Please note it is forbidden to transfer executable (.exe) files via the HMRC SET service. HMRC Your organisation Encrypted How does HMRC SET work? HMRC SET uses a combination of encryption keys and digital certificates to secure data returns for transfer through the Government Gateway. Organisations create a Transport Layer Security (TLS) certificate during the HMRC SET installation process to facilitate the use of the HMRC SET web pages via the Government Gateway. Encryption keys are created in conjunction with the HMRC SET Customer Management Team and an HMRC approved Certificate Authority. A combination of HMRC s and the organisation s keys are then used to encrypt/decrypt data returns for transfer across the secure HMRC SET website. Automated HMRC SET e-mail messages act as receipts of your organisation s data transfer. The purpose of this document is to explain how to use the HMRC SET service to submit or receive files once you have completed the HMRC SET installation. Help and assistance The dedicated HMRC SET Customer Management Team can provide further documentation, help and assistance as required. E-mail: MDTSSETCustomerManagement@hmrc.gsi.gov.uk Telephone: +44 (0) 3000 597222 1 HMRC SET Using PGP TM desktop
HMRC SET overview The diagram below shows a high level overview of how your organisation can exchange encrypted data with HMRC using the HMRC SET service. Exchanging files Your Your files Encryption software Upload/download HMRC encrypt/decrypt organisation (Encrypt/decrypt your files) encrypted files via your files Government Gateway HMRC HMRC SET pre-requisites Please remember you must have your pre-requisites in place before you wish to use the HMRC SET service. For details on what pre-requisites are required please refer to the HMRC SET Installation and key renewal overview document, page 2 What will you need to use HMRC SET? 2 HMRC SET Using PGP TM desktop
Encrypt a file to send to HMRC To encrypt a file, start by opening Pretty Good Privacy Desktop (PGP Desktop) and follow the screens below. Figure 2. Locate the file you wish to encrypt and drag and drop the file as per the on-screen instruction, into the window provided. Figure 1. Once open, navigate using the menu on the left hand side of the PGP Desktop window. Select PGP Zip then New PGP Zip. Figure 3. Once you have dragged and dropped the file you should have a screen similar to this. When you do select Next. 3 HMRC SET Using PGP TM desktop
Figure 4. Select Recipient keys, click Next. Figure 6. Click Add, then select Next. Figure 5. From the drop down menu, select the HMRC To key (CN=100100100100.to.hmrc.gov.uk.asc). Figure 7. Select your organisation s From key. 4 HMRC SET Using PGP TM desktop
Figure 8. Type in your keys passphrase, select where you wish the encrypted file to be saved to followed by clicking Next. Figure 9. A summary screen will be displayed. Ensure the file name is correct and ends in.pgp to show it is encrypted. Check that the User key (recipients To key) and Signing key (your From organisation key) are correct. Then click Finish. If no errors are highlighted the file is now encrypted. 5 HMRC SET Using PGP TM desktop
Upload files to the Government Gateway Now that you have an encrypted file ready to send, open your Internet browser and go to www.gateway.gov.uk Before sending any files please ensure all files adhere to the correct naming convention. This applies to all individual files and batches of files. If you are unsure whether your filenames meet this criteria please review the file naming convention given in the examples tab of your HMRC SET File Transfer Schedule or contact the HMRC SET Customer Management Team. Figure 11. Enter your Government Gateway ID and password followed by clicking Login. Figure 10. Once the Government Gateway site has loaded, select Enter the Government Gateway. Figure 12. Select HMRC Secure Electronic Transfer. 6 HMRC SET Using PGP TM desktop
Figure 13. In the pop up window select your organisation s TLS certificate and click OK. Figure 15. Select Send Files. Figure 14. The HMRC SET homepage will load and the navigation menu will appear on the left of the page. Figure 16. Click Browse. 7 HMRC SET Using PGP TM desktop
Figure 17. In the pop up window, browse to the location of the encrypted file, select the encrypted file and click Open. Figure 19. Once you have clicked Send, a message will be displayed confirming your file has now been uploaded to the Government Gateway. Do not log out of the Government Gateway or close your Internet browser until you receive the File Stored e-mail notification. Figure 18. Click the Tick Box to confirm you agree to the service Terms and Conditions, followed by Send. 8 HMRC SET Using PGP TM desktop
E-mail notifications (File uploaded) On successful upload to the Government Gateway you will receive the following e-mail notifications to the specified e-mail address in your HMRC SET Preferences. File Stored File Deleted File Processed Download files from the Government Gateway You will receive an e-mail notification from the Government Gateway as below, when a file is ready for retrieval. Example. File Awaiting Retrieval. Example. File Stored indicates successful upload to the HMRC SET servers. If you do not receive the above notifications after sending files do not resend the file. Please contact the HMRC SET Customer Management Team for assistance. You must actively monitor the e-mail account specified in your HMRC SET Preferences as files are only stored on the Government Gateway for a period of 72 hours from the time of upload. 9 HMRC SET Using PGP TM desktop
After 72hrs the file will be deleted and will no longer be available for retrieval. You will receive additional e-mail notifications advising if a file has not been retrieved as follows 24 Hours Expiry Warning. File Automatically Deleted (failure to retrieve file after 72 hours). If you have been unable to retrieve a file within 72 hours you will need to e-mail the HMRC SET Customer Management Team to request a resend of the data. However any resends are at HMRC s discretion and may incur a charge. When you have received an e-mail notification that a file is awaiting retrieval, open your Internet browser and go to www.gateway.gov.uk Log on to the HMRC SET service using your Government Gateway User ID and password, then select your TLS digital certificate when prompted as shown in the screens below. If you encounter any issues logging onto the Government Gateway or accessing the HMRC SET web pages, please refer to the trouble shooting pages of this document or contact the HMRC SET Customer Management Team for assistance. Figure 21. Enter your Government Gateway ID and password followed by clicking Login. Figure 20. Once the Government Gateway site has loaded, select Enter the Government Gateway. Figure 22. Select HMRC Secure Electronic Transfer. 10 HMRC SET Using PGP TM desktop
Figure 23. In the pop up, select your organisation s TLS certificate and click OK. Figure 25. Copy and Paste or manually enter the file name (provided in your e-mail notification) into the box and ensure the Retrieve File radio button is selected before clicking Continue. When you have logged on successfully follow the instructions below to retrieve a file. Figure 24. Using the menu on the left hand side select Retrieve Files. Figure 26. On the next screen, click the Blue Hyperlink. Do not use the Confirm button! If you click this button your file will be deleted. 11 HMRC SET Using PGP TM desktop
Figure 27. On the pop up window that displays you will be asked if you want to open or save the file. Select Save. Figure 28. A pop up window will display. Save the file to your preferred location. Do not alter the file name at this stage. 12 HMRC SET Using PGP TM desktop
Decrypt downloaded files Once the file has been retrieved from the Government Gateway, open the directory (folder) where it was saved and follow the steps below to decrypt it. PGP Desktop and HMRC SET s standard test file have been used to illustrate the steps. Figure 29. Another pop up window will display once your file has completed downloading. Click Close when complete. Figure 30. Right click on the file and select Rename from the menu. Remove the date and time so the file name ends in.pgp. 13 HMRC SET Using PGP TM desktop
111222333444.to.RiverLakeCompany.co.uk ********* Figure 31. Screen shot of an example file name once the date and time has been removed. Figure 33. A pop up window will be displayed. Enter the passphrase and click OK. Figure 32. Once renamed, right click on the file, select PGP Desktop followed by Decrypt & Verify. 14 HMRC SET Using PGP TM desktop
Figure 34. Once you have entered the passphrase for your Private key, the PGP Desktop Verification History window will appear. Minimise the screen and browse to the location where the retrieved file was saved. NB: If you now have two files (the file you retrieved and saved and a decrypted version of it) proceed to Figure 37. If you do not, continue to Figure 35. Figure 35. If you cannot see two files where you saved your retrieved file, Maximise the PGP Desktop window, right click on the file showing in the verification window in PGP Desktop and select Extract. 15 HMRC SET Using PGP TM desktop
Figure 36. A window will appear. Select where you wish to save your decrypted file and click OK. Figure 38. From your Internet browser, load the Government Gateway website and select Enter the Government Gateway when the site has loaded. Figure 37. Your file is now decrypted. NB: Once the file is decrypted it is necessary to advise the HMRC SET Customer Management Team via the Government Gateway. See next step for details on how to do this. Figure 39. Enter your Government Gateway ID and password followed by clicking Login. 16 HMRC SET Using PGP TM desktop
Confirm decrypted files Figure 40. Select HMRC Secure Electronic Transfer. Figure 42. Using the menu on the left hand side select Retrieve Files. Figure 41. In the pop up window, select your organisation s TLS certificate and click OK. 17 HMRC SET Using PGP TM desktop
Troubleshooting Unable to encrypt Encryption Issues may include: incorrect passphrase incorrect keys used to encrypt expired keys As a HMRC SET user, your IT administrator will have created and imported two Encryption & Signing keys (your organisation s To and From keys) and will have received two HMRC Public keys ( To and From HMRC keys) sent by the HMRC SET Customer Management Team. Figure 43. Enter the file name (stated in the File Ready e-mail notification you received) in the space provided. Select the File Processed radio button (third radio button down) and then click Continue. You have now confirmed retrieval of the file from the Government Gateway and can Log Out. This action acknowledges to the HMRC SET Customer Management Team that your file was retrieved and decrypted successfully. If you encounter any problems decrypting your retrieved file please contact your IT administrator or the HMRC SET Customer Management Team for assistance. Both sets of keys should have been imported into your encryption software. To check this open your encryption software, selecting Keys followed by All Keys. Select each key individually and right click, select Key Properties and view the expiry date of the key. By doing this you will be able to determine whether the key is still valid or requires renewing. If you are unable to locate your passphrase, any of these four keys or have a query regarding the keys you are able to view, please contact your IT administrator or the HMRC SET Customer Management Team for assistance. NB: When encrypting a file you should always encrypt using the recipients To key first, followed by signing the file with your organisation s From key and entering your passphrase. Your encryption software should advise if the encryption of the file was successful or if there were any errors. 18 HMRC SET Using PGP TM desktop
Troubleshooting Unable to log onto Government Gateway If you are unable to log onto the Government Gateway, for example: Error 12202 Page Cannot Be Displayed or Unable to Log User in messages are displayed; you will need to check the following: To ensure you are able to log on to the HMRC SET web pages you require a Transfer Layered Security (TLS) certificate and Gateway Production Root certificate. This authenticates yourself as a user of HMRC SET. These will have been created and imported into your Internet browser on the PC used during the original installation or transferred to your PC by your IT department. To check you have these, open your Internet browser, select the Tools Menu, followed by Internet Options. Once the Internet Options window appears, select Content followed by Certificates. Another window labelled Certificates will appear. An example is shown below. Occasionally the TLS certificate may display as <CompanyName><12 Digit SET Reference Number(SRN)>LIVE<Date>. If you successfully locate your TLS certificate, proceed to locating the Gateway Production Root certificate (.cer file). This can be found through the same process but by selecting the Trusted Root Certification Authorities tab within the Certificates window, as shown opposite. If you are unable to access any of these Internet options or locate either your TLS certificate or the Gateway Production Root certificate please refer to your IT department. Alternatively please contact the HMRC SET Customer Management Team for assistance. NB: The default Certificate Store is the Personal Tab in the Certificates window. This is likely to be where your TLS certificate (p.12 file) is installed to and can be identified by the certificate file name following the format of Your CompanyNameTLSCertificate.p12 19 HMRC SET Using PGP TM desktop
Troubleshooting Unable to log onto Government Gateway In addition to the TLS certificate and Government Gateway Production Root certificate you will also require your Government Gateway ID and password. When enrolling, your IT administrator will have been asked to provide a password to use each time a user logs onto the Government Gateway. Your IT administrator will also have been provided with a twelve digit Government Gateway ID. This is different to your organisation s HMRC SET Reference Number and the HMRC SET Customer Management Team will not have a record of it. If either or both of the above cannot be located please contact your IT administrator or the HMRC SET Customer Management Team for assistance. NB: If neither can be located, you will be asked to provide an e-mail requesting to be de-enrolled on the Government Gateway. This will enable you to re-enrol and create a new ID and password in due course. Above: Example Password Confirmation Screen 1234 5678 9123 Above. Example ID Confirmation screen 20 HMRC SET Using PGP TM desktop
Troubleshooting Unable to decrypt Unable to decrypt issues may include: incorrect passphrase incorrect keys used to decrypt expired keys As a HMRC SET user, your IT administrator will have created and imported two Encryption & Signing keys (your organisation s To and From keys) and will have received two HMRC Public keys (To and From HMRC keys) sent by the HMRC SET Customer Management Team. Both sets of keys should have been imported into your encryption software. If you are using Government approved encryption tool software you can access all of your keys by Opening, Selecting Keys followed by All Keys. Further to this, by selecting each key individually you will also be able to right click, Select Key Properties and see the expiry date of the key. By doing this you will be able to determine whether the key is still valid or requires renewing. If you are unable to locate your passphrase, any of these four keys or have a query regarding the keys you are able to view, please contact your IT administrator or the HMRC SET Customer Management Team for assistance. NB: When decrypting a retrieved file you should always rename the file (so the file ends.pgp ) and decrypt using the recipients From key, followed by your organisation s To key and entering your passphrase. Your encryption software should advise if the decryption of the file was successful or if there were any errors. Troubleshooting E-mail notifications As a HMRC SET user, your IT administrator will have specified an e-mail address for all Government Gateway e-mail notifications to be directed to. If you have difficulty receiving these e-mail notifications please log onto the Government Gateway, select Preferences in the menu on the left hand side of the screen and ensure a valid e-mail address has been specified under the E-mail option. You may also wish to check that all notifications will be directed to your specified e-mail address by selecting Next. The screen shot below shows all of the notification options you should have selected. If your IT administrator is unable to resolve your issue please contact the HMRC SET Customer Management Team for further assistance. 21 HMRC SET Using PGP TM desktop
Glossary Term or abbreviation Certificate (digital security certificate) Decryption Encryption Encryption key Encryption software File Transfer Schedule From key Government Gateway (GGW) HMRC HMRC SET Description Small electronic file of mathematical ciphers (HMRC SET uses these for encryption, signing and identity authentication) The action of converting encrypted data back into its original form The action of transforming data into an unreadable state (requiring the correct key to decrypt it) To keys in HMRC SET terminology use a Public half to encrypt data and a corresponding Private half to decrypt data HMRC SET uses applications capable of applying Public and Private keys to files in order to encrypt and decrypt them A spread sheet HMRC SET Users complete to obtain HMRC s pre-approval for the data transfers (returns) HMRC SET terminology for a signing key that proves the identity of an encrypted file s sender The generic Government website (www.gateway.gov.uk) that hosts the HMRC SET service Her Majesty s Revenue & Customs HMRC s Secure Electronic Transfer (SET) service enables users of HMRC SET to transfer encrypted files between their organisation and HMRC HMRC SET Customer Management Team Dedicated team who provide help and assistance to HMRC SET service users (MDTSSETCustomerManagement@hmrc.gsi.gov.uk) HMRC SET Preferences User configured parameters (e-mail address) required before HMRC SET can route a customer s file transfers HMRC SET Reference Number (SRN) Unique 12 digit identifying number issued to HMRC SET Customers by the HMRC SET Customer Management Team HMRC SET website Web pages hosted on the GGW that enable HMRC SET customers to send and receive files securely Internet browser Software application used to access web pages on the Internet (such as Microsoft Internet Explorer) Key Digital security certificates, often referred to as keys P12, PEM, ASC, PGP TM and TXT File extensions associated with digital security certificates. Many files are renamed.txt to allow them to be e-mailed Passphrase Free text Passphrase /Password created by your organisation s IT administrator PGP TM A cryptography tool, capable of encryption and decryption; to protect data against unauthorised access Public Private key pair One way encryption in which data encrypted by a Public key can only be decrypted by the corresponding Private key Signing key From keys in HMRC SET terminology use a Private half to sign data and are verified with the corresponding Public half TLS (Transport Layer Security) A certificate protocol used to create secure data tunnels over insecure networks such as the Internet To key HMRC SET terminology for an encryption key used to encrypt and decrypt data Verification history The encryption and decryption logs generated by and stored within encryption software 22 HMRC SET Using PGP TM desktop Issued by HM Revenue & Customs March 2013 Crown Copyright 2013