HMRC Secure Electronic Transfer (SET) How to use HMRC SET using PGP™ Desktop

Version 2.0

Contents

Welcome to HMRC SET 1

HMRC SET overview 2

Encrypt a file to send to HMRC 3

Upload files to the Government Gateway 6

E-mail notifications (File uploaded) 9

Download files from the Government Gateway 9

Decrypt downloaded files 13

Confirm decrypted files 17

Troubleshooting – Unable to encrypt 18

Troubleshooting – Unable to log onto Government Gateway 19

Troubleshooting – Unable to decrypt 21

Troubleshooting – E-mail notifications 21

Glossary 22

1 HMRC SET Using PGPTM desktop

How does HMRC SET work?

HMRC SET uses a combination of encryption keys and digital certificates to secure data returns for transfer through the Government Gateway.

Organisations create a Transport Layer Security (TLS) certificate during the HMRC SET installation process to facilitate the use of the HMRC SET web pages via the Government Gateway.

Encryption keys are created in conjunction with the HMRC SET Customer Management Team and an HMRC approved Certificate Authority. A combination of HMRC’s and the organisation’s keys are then used to encrypt/decrypt data returns for transfer across the secure HMRC SET website.

Automated HMRC SET e-mail messages act as receipts of your organisation’s data transfer.

The purpose of this document is to explain how to use the HMRC SET service to submit or receive files once you have completed the HMRC SET installation.

Help and assistance

The dedicated HMRC SET Customer Management Team can provide further documentation, help and assistance as required.

E-mail: MDTSSETCustomerManagement@hmrc.gsi.gov.uk Telephone: +44 (0) 3000 597222

Welcome to HMRC SETWhat is HMRC SET?

HMRC provide the Secure Electronic Transfer (SET) service hosted by the Government Gateway website and enables organisations to transact data with HMRC securely over the Internet by utilising a combination of encryption keys and digital certificates.

Contact the HMRC SET Customer Management Team to discuss the types of data that can be transferred using HMRC SET. Please note it is forbidden to transfer executable (.exe) files via the HMRC SET service.

HMRC

Yourorganisation

Encryp

ted

2 HMRC SET Using PGPTM desktop

HMRC SET overview The diagram below shows a high level overview of how your organisation can exchange encrypted data with HMRC using the HMRC SET service.

Exchanging files

Your Your files Encryption software Upload/download HMRC encrypt/decrypt organisation (Encrypt/decrypt your files) encrypted files via your files Government Gateway

HMRC SET pre-requisites

Please remember you must have your pre-requisites in place before you wish to use the HMRC SET service. For details on what pre-requisites are required please refer to the HMRC SET Installation and key renewal overview document, page 2 – “What will you need to use HMRC SET?”

HMRC

3 HMRC SET Using PGPTM desktop

Encrypt a file to send to HMRC To encrypt a file, start by opening Pretty Good Privacy™ Desktop (PGP™ Desktop) and follow the screens below.

Figure 1. Once open, navigate using the menu on the left hand side of the PGP™ Desktop window. Select “PGP Zip” then “New PGP Zip”.

Figure 2. Locate the file you wish to encrypt and drag and drop the file as per the on-screen instruction, into the window provided.

Figure 3. Once you have dragged and dropped the file you should have a screen similar to this. When you do select “Next”.

4 HMRC SET Using PGPTM desktop

Figure 6. Click “Add”, then select “Next”.

Figure 7. Select your organisation’s “From” key.

Figure 4. Select “Recipient keys”, click “Next”.

Figure 5. From the drop down menu, select the HMRC “To” key (CN=100100100100.to.hmrc.gov.uk.asc).

5 HMRC SET Using PGPTM desktop

Figure 8. Type in your keys passphrase, select where you wish the encrypted file to be saved to followed by clicking “Next”.

Figure 9. A summary screen will be displayed. Ensure the file name is correct and ends in “.pgp” to show it is encrypted. Check that the User key (recipients “To” key) and Signing key (your “From” organisation key) are correct. Then click “Finish”.If no errors are highlighted the file is now encrypted.

6 HMRC SET Using PGPTM desktop

Upload files to the Government Gateway Now that you have an encrypted file ready to send, open your Internet browser and go to www.gateway.gov.uk

Before sending any files please ensure all files adhere to the correct naming convention. This applies to all individual files and batches of files. If you are unsure whether your filenames meet this criteria please review the file naming convention given in the examples tab of your HMRC SET File Transfer Schedule or contact the HMRC SET Customer Management Team.

Figure 10. Once the Government Gateway site has loaded, select “Enter the Government Gateway”.

Figure 11. Enter your Government Gateway ID and password followed by clicking “Login”.

Figure 12. Select “HMRC Secure Electronic Transfer”.

7 HMRC SET Using PGPTM desktop

Figure 13. In the pop up window select your organisation’s TLS certificate and click “OK”.

Figure 14. The HMRC SET homepage will load and the navigation menu will appear on the left of the page.

Figure 15. Select “Send Files”.

Figure 16. Click “Browse”.

8 HMRC SET Using PGPTM desktop

Figure 17. In the pop up window, browse to the location of the encrypted file, select the encrypted file and click “Open”.

Figure 18. Click the Tick Box to confirm you agree to the service Terms and Conditions, followed by “Send”.

Figure 19. Once you have clicked “Send”, a message will be displayed confirming your file has now been uploaded to the Government Gateway.

Do not log out of the Government Gateway or close your Internet browser until you receive the “File Stored” e-mail notification.

9 HMRC SET Using PGPTM desktop

Download files from the Government GatewayYou will receive an e-mail notification from the Government Gateway as below, when a file is ready for retrieval.

Example. File Awaiting Retrieval.

You must actively monitor the e-mail account specified in your HMRC SET Preferences as files are only stored on the Government Gateway for a period of 72 hours from the time of upload.

E-mail notifications (File uploaded)On successful upload to the Government Gateway you will receive the following e-mail notifications to the specified e-mail address in your HMRC SET Preferences.

• File Stored

• File Deleted

• File Processed

Example. File Stored – indicates successful upload to the HMRC SET servers.

If you do not receive the above notifications after sending files do not resend the file. Please contact the HMRC SET Customer Management Team for assistance.

10 HMRC SET Using PGPTM desktop

After 72hrs the file will be deleted and will no longer be available for retrieval.

You will receive additional e-mail notifications advising if a file has not been retrieved as follows

• 24 Hours Expiry Warning.

• File Automatically Deleted (failure to retrieve file after 72 hours).

If you have been unable to retrieve a file within 72 hours you will need to e-mail the HMRC SET Customer Management Team to request a resend of the data.

However any resends are at HMRC’s discretion and may incur a charge.

When you have received an e-mail notification that a file is awaiting retrieval, open your Internet browser and go to www.gateway.gov.uk

Log on to the HMRC SET service using your Government Gateway User ID and password, then select your TLS digital certificate when prompted as shown in the screens below.

If you encounter any issues logging onto the Government Gateway or accessing the HMRC SET web pages, please refer to the trouble shooting pages of this document or contact the HMRC SET Customer Management Team for assistance.

Figure 20. Once the Government Gateway site has loaded, select “Enter the Government Gateway”.

Figure 21. Enter your Government Gateway ID and password followed by clicking “Login”.

Figure 22. Select “HMRC Secure Electronic Transfer”.

11 HMRC SET Using PGPTM desktop

Figure 23. In the pop up, select your organisation’s TLS certificate and click “OK”.

When you have logged on successfully follow the instructions below to retrieve a file.

Figure 24. Using the menu on the left hand side select “Retrieve Files”.

Figure 25. Copy and Paste or manually enter the file name (provided in your e-mail notification) into the box and ensure the “Retrieve File” radio button is selected before clicking “Continue”.

Figure 26. On the next screen, click the Blue Hyperlink.

Do not use the “Confirm” button! If you click this button your file will be deleted.

12 HMRC SET Using PGPTM desktop

Figure 28. A pop up window will display. “Save” the file to your preferred location.

Do not alter the file name at this stage.

Figure 27. On the pop up window that displays you will be asked if you want to open or save the file. Select “Save”.

13 HMRC SET Using PGPTM desktop

Figure 29. Another pop up window will display once your file has completed downloading. Click “Close” when complete.

Decrypt downloaded filesOnce the file has been retrieved from the Government Gateway, open the directory (folder) where it was saved and follow the steps below to decrypt it.

PGP™ Desktop and HMRC SET’s standard test file have been used to illustrate the steps.

Figure 30. Right click on the file and select “Rename” from the menu. Remove the date and time so the file name ends in “.pgp”.

14 HMRC SET Using PGPTM desktop

Figure 31. Screen shot of an example file name once the date and time has been removed.

Figure 32. Once renamed, right click on the file, select “PGP Desktop” followed by “Decrypt & Verify”.

Figure 33. A pop up window will be displayed. Enter the passphrase and click “OK”.

111222333444.to.RiverLakeCompany.co.uk

*********

15 HMRC SET Using PGPTM desktop

Figure 35. If you cannot see two files where you saved your retrieved file, Maximise the PGP™ Desktop window, right click on the file showing in the verification window in PGP™ Desktop and select “Extract”.

Figure 34. Once you have entered the passphrase for your Private key, the PGP™ Desktop Verification History window will appear. Minimise the screen and browse to the location where the retrieved file was saved.

NB: If you now have two files (the file you retrieved and saved and a decrypted version of it) proceed to Figure 37. If you do not, continue to Figure 35.

111222333444.to.RiverLakeCompany.co.uk

*********

16 HMRC SET Using PGPTM desktop

Figure 36. A window will appear. Select where you wish to save your decrypted file and click “OK”.

Figure 37. Your file is now decrypted.

NB: Once the file is decrypted it is necessary to advise the HMRC SET Customer Management Team via the Government Gateway. See next step for details on how to do this.

Figure 38. From your Internet browser, load the Government Gateway website and select “Enter the Government Gateway” when the site has loaded.

Figure 39. Enter your Government Gateway ID and password followed by clicking “Login”.

17 HMRC SET Using PGPTM desktop

Confirm decrypted files

Figure 42. Using the menu on the left hand side select “Retrieve Files”. Figure 40. Select “HMRC Secure Electronic Transfer”.

Figure 41. In the pop up window, select your organisation’s TLS certificate and click “OK”.

18 HMRC SET Using PGPTM desktop

Figure 43. Enter the file name (stated in the ‘File Ready’ e-mail notification you received) in the space provided.Select the “File Processed” radio button (third radio button down) and then click “Continue”.You have now confirmed retrieval of the file from the Government Gateway and can Log Out.This action acknowledges to the HMRC SET Customer Management Team that your file was retrieved and decrypted successfully.

If you encounter any problems decrypting your retrieved file please contact your IT administrator or the HMRC SET Customer Management Team for assistance.

Troubleshooting – Unable to encryptEncryption Issues may include:

• incorrect passphrase

• incorrect keys used to encrypt

• expired keys

As a HMRC SET user, your IT administrator will have created and imported two Encryption & Signing keys (your organisation’s “To” and “From” keys) and will have received two HMRC Public keys (“To” and “From” HMRC keys) sent by the HMRC SET Customer Management Team.

Both sets of keys should have been imported into your encryption software.

To check this open your encryption software, selecting “Keys” followed by “All Keys”.

Select each key individually and right click, select “Key Properties” and view the expiry date of the key. By doing this you will be able to determine whether the key is still valid or requires renewing.

If you are unable to locate your passphrase, any of these four keys or have a query regarding the keys you are able to view, please contact your IT administrator or the HMRC SET Customer Management Team for assistance.

NB: When encrypting a file you should always encrypt using the recipients “To” key first, followed by signing the file with your organisation’s “From” key and entering your passphrase. Your encryption software should advise if the encryption of the file was successful or if there were any errors.

19 HMRC SET Using PGPTM desktop

Occasionally the TLS certificate may display as <CompanyName><12 Digit SET Reference Number(SRN)>LIVE<Date>.

If you successfully locate your TLS certificate, proceed to locating the Gateway Production Root certificate (.cer file).

This can be found through the same process but by selecting the “Trusted Root Certification Authorities” tab within the “Certificates” window, as shown opposite.

If you are unable to access any of these Internet options or locate either your TLS certificate or the Gateway Production Root certificate please refer to your IT department. Alternatively please contact the HMRC SET Customer Management Team for assistance.

Troubleshooting – Unable to log onto Government Gateway If you are unable to log onto the Government Gateway, for example: “Error 12202 – Page Cannot Be Displayed” or “Unable to Log User in” messages are displayed; you will need to check the following:

To ensure you are able to log on to the HMRC SET web pages you require a Transfer Layered Security (TLS) certificate and Gateway Production Root certificate. This authenticates yourself as a user of HMRC SET.

These will have been created and imported into your Internet browser on the PC used during the original installation or transferred to your PC by your IT department. To check you have these, open your Internet browser, select the “Tools” Menu, followed by “Internet Options”.

Once the “Internet Options” window appears, select “Content” followed by “Certificates”. Another window labelled “Certificates” will appear. An example is shown below.

NB: The default ‘Certificate Store’ is the “Personal Tab” in the “Certificates” window. This is likely to be where your TLS certificate (p.12 file) is installed to and can be identified by the certificate file name – following the format of Your CompanyNameTLSCertificate.p12

20 HMRC SET Using PGPTM desktop

Above: Example Password Confirmation Screen

Above. Example ID Confirmation screen

Troubleshooting – Unable to log onto Government GatewayIn addition to the TLS certificate and Government Gateway Production Root certificate you will also require your Government Gateway ID and password.

When enrolling, your IT administrator will have been asked to provide a password to use each time a user logs onto the Government Gateway.

Your IT administrator will also have been provided with a twelve digit Government Gateway ID. This is different to your organisation’s HMRC SET Reference Number and the HMRC SET Customer Management Team will not have a record of it.

If either or both of the above cannot be located please contact your IT administrator or the HMRC SET Customer Management Team for assistance.

NB: If neither can be located, you will be asked to provide an e-mail requesting to be de-enrolled on the Government Gateway. This will enable you to re-enrol and create a new ID and password in due course.

1234 5678 9123

21 HMRC SET Using PGPTM desktop

Troubleshooting – Unable to decryptUnable to decrypt issues may include:

• incorrect passphrase

• incorrect keys used to decrypt

• expired keys

As a HMRC SET user, your IT administrator will have created and imported two Encryption & Signing keys (your organisation’s “To” and “From” keys) and will have received two HMRC Public keys (To and From HMRC keys) sent by the HMRC SET Customer Management Team.

Both sets of keys should have been imported into your encryption software.

If you are using Government approved encryption tool software you can access all of your keys by Opening, Selecting “Keys” followed by “All Keys”.

Further to this, by selecting each key individually you will also be able to right click, Select “Key Properties” and see the expiry date of the key. By doing this you will be able to determine whether the key is still valid or requires renewing.

If you are unable to locate your passphrase, any of these four keys or have a query regarding the keys you are able to view, please contact your IT administrator or the HMRC SET Customer Management Team for assistance.

NB: When decrypting a retrieved file you should always rename the file (so the file ends “.pgp”) and decrypt using the recipients “From” key, followed by your organisation’s “To” key and entering your passphrase. Your encryption software should advise if the decryption of the file was successful or if there were any errors.

Troubleshooting – E-mail notificationsAs a HMRC SET user, your IT administrator will have specified an e-mail address for all Government Gateway e-mail notifications to be directed to.

If you have difficulty receiving these e-mail notifications please log onto the Government Gateway, select “Preferences” in the menu on the left hand side of the screen and ensure a valid e-mail address has been specified under the “E-mail” option.

You may also wish to check that all notifications will be directed to your specified e-mail address by selecting “Next”. The screen shot below shows all of the notification options you should have selected.

If your IT administrator is unable to resolve your issue please contact the HMRC SET Customer Management Team for further assistance.

22 HMRC SET Using PGPTM desktop

GlossaryTerm or abbreviation Description

Certificate (digital security certificate) Small electronic file of mathematical ciphers (HMRC SET uses these for encryption, signing and identity authentication)

Decryption The action of converting encrypted data back into its original form

Encryption The action of transforming data into an unreadable state (requiring the correct key to decrypt it)

Encryption key “To” keys in HMRC SET terminology use a Public half to encrypt data and a corresponding Private half to decrypt data

Encryption software HMRC SET uses applications capable of applying Public and Private keys to files in order to encrypt and decrypt them

File Transfer Schedule A spread sheet HMRC SET Users complete to obtain HMRC’s pre-approval for the data transfers (returns)

From key HMRC SET terminology for a signing key that proves the identity of an encrypted file’s sender

Government Gateway (GGW) The generic Government website (www.gateway.gov.uk) that hosts the HMRC SET service

HMRC Her Majesty’s Revenue & Customs

HMRC SET HMRC’s Secure Electronic Transfer (SET) service – enables users of HMRC SET to transfer encrypted files between their organisation and HMRC

HMRC SET Customer Management Team Dedicated team who provide help and assistance to HMRC SET service users (MDTSSETCustomerManagement@hmrc.gsi.gov.uk)

HMRC SET Preferences User configured parameters (e-mail address) required before HMRC SET can route a customer’s file transfers

HMRC SET Reference Number (SRN) Unique 12 digit identifying number issued to HMRC SET Customers by the HMRC SET Customer Management Team

HMRC SET website Web pages hosted on the GGW that enable HMRC SET customers to send and receive files securely

Internet browser Software application used to access web pages on the Internet (such as Microsoft Internet Explorer)

Key Digital security certificates, often referred to as keys

P12, PEM, ASC, PGPTM and TXT File extensions associated with digital security certificates. Many files are renamed “.txt” to allow them to be e-mailed

Passphrase Free text Passphrase /Password created by your organisation’s IT administrator

PGPTM A cryptography tool, capable of encryption and decryption; to protect data against unauthorised access

Public Private key pair One way encryption in which data encrypted by a Public key can only be decrypted by the corresponding Private key

Signing key “From” keys in HMRC SET terminology use a Private half to sign data and are verified with the corresponding Public half

TLS (Transport Layer Security) A certificate protocol used to create secure data tunnels over insecure networks such as the Internet

To key HMRC SET terminology for an encryption key used to encrypt and decrypt data

Verification history The encryption and decryption logs generated by and stored within encryption software

Issued by HM Revenue & CustomsMarch 2013 © Crown Copyright 2013