HMRC Secure Electronic Transfer (SET) - gov.uk · PDF fileHMRC Secure Electronic Transfer...
-
Upload
vuongnguyet -
Category
Documents
-
view
216 -
download
0
Transcript of HMRC Secure Electronic Transfer (SET) - gov.uk · PDF fileHMRC Secure Electronic Transfer...
HMRC Secure Electronic Transfer (SET) How to use HMRC SET using PGP™ Desktop
Version 2.0
Contents
Welcome to HMRC SET 1
HMRC SET overview 2
Encrypt a file to send to HMRC 3
Upload files to the Government Gateway 6
E-mail notifications (File uploaded) 9
Download files from the Government Gateway 9
Decrypt downloaded files 13
Confirm decrypted files 17
Troubleshooting – Unable to encrypt 18
Troubleshooting – Unable to log onto Government Gateway 19
Troubleshooting – Unable to decrypt 21
Troubleshooting – E-mail notifications 21
Glossary 22
1 HMRC SET Using PGPTM desktop
How does HMRC SET work?
HMRC SET uses a combination of encryption keys and digital certificates to secure data returns for transfer through the Government Gateway.
Organisations create a Transport Layer Security (TLS) certificate during the HMRC SET installation process to facilitate the use of the HMRC SET web pages via the Government Gateway.
Encryption keys are created in conjunction with the HMRC SET Customer Management Team and an HMRC approved Certificate Authority. A combination of HMRC’s and the organisation’s keys are then used to encrypt/decrypt data returns for transfer across the secure HMRC SET website.
Automated HMRC SET e-mail messages act as receipts of your organisation’s data transfer.
The purpose of this document is to explain how to use the HMRC SET service to submit or receive files once you have completed the HMRC SET installation.
Help and assistance
The dedicated HMRC SET Customer Management Team can provide further documentation, help and assistance as required.
E-mail: [email protected] Telephone: +44 (0) 3000 597222
Welcome to HMRC SETWhat is HMRC SET?
HMRC provide the Secure Electronic Transfer (SET) service hosted by the Government Gateway website and enables organisations to transact data with HMRC securely over the Internet by utilising a combination of encryption keys and digital certificates.
Contact the HMRC SET Customer Management Team to discuss the types of data that can be transferred using HMRC SET. Please note it is forbidden to transfer executable (.exe) files via the HMRC SET service.
HMRC
Yourorganisation
Encryp
ted
2 HMRC SET Using PGPTM desktop
HMRC SET overview The diagram below shows a high level overview of how your organisation can exchange encrypted data with HMRC using the HMRC SET service.
Exchanging files
Your Your files Encryption software Upload/download HMRC encrypt/decrypt organisation (Encrypt/decrypt your files) encrypted files via your files Government Gateway
HMRC SET pre-requisites
Please remember you must have your pre-requisites in place before you wish to use the HMRC SET service. For details on what pre-requisites are required please refer to the HMRC SET Installation and key renewal overview document, page 2 – “What will you need to use HMRC SET?”
HMRC
3 HMRC SET Using PGPTM desktop
Encrypt a file to send to HMRC To encrypt a file, start by opening Pretty Good Privacy™ Desktop (PGP™ Desktop) and follow the screens below.
Figure 1. Once open, navigate using the menu on the left hand side of the PGP™ Desktop window. Select “PGP Zip” then “New PGP Zip”.
Figure 2. Locate the file you wish to encrypt and drag and drop the file as per the on-screen instruction, into the window provided.
Figure 3. Once you have dragged and dropped the file you should have a screen similar to this. When you do select “Next”.
4 HMRC SET Using PGPTM desktop
Figure 6. Click “Add”, then select “Next”.
Figure 7. Select your organisation’s “From” key.
Figure 4. Select “Recipient keys”, click “Next”.
Figure 5. From the drop down menu, select the HMRC “To” key (CN=100100100100.to.hmrc.gov.uk.asc).
5 HMRC SET Using PGPTM desktop
Figure 8. Type in your keys passphrase, select where you wish the encrypted file to be saved to followed by clicking “Next”.
Figure 9. A summary screen will be displayed. Ensure the file name is correct and ends in “.pgp” to show it is encrypted. Check that the User key (recipients “To” key) and Signing key (your “From” organisation key) are correct. Then click “Finish”.If no errors are highlighted the file is now encrypted.
6 HMRC SET Using PGPTM desktop
Upload files to the Government Gateway Now that you have an encrypted file ready to send, open your Internet browser and go to www.gateway.gov.uk
Before sending any files please ensure all files adhere to the correct naming convention. This applies to all individual files and batches of files. If you are unsure whether your filenames meet this criteria please review the file naming convention given in the examples tab of your HMRC SET File Transfer Schedule or contact the HMRC SET Customer Management Team.
Figure 10. Once the Government Gateway site has loaded, select “Enter the Government Gateway”.
Figure 11. Enter your Government Gateway ID and password followed by clicking “Login”.
Figure 12. Select “HMRC Secure Electronic Transfer”.
7 HMRC SET Using PGPTM desktop
Figure 13. In the pop up window select your organisation’s TLS certificate and click “OK”.
Figure 14. The HMRC SET homepage will load and the navigation menu will appear on the left of the page.
Figure 15. Select “Send Files”.
Figure 16. Click “Browse”.
8 HMRC SET Using PGPTM desktop
Figure 17. In the pop up window, browse to the location of the encrypted file, select the encrypted file and click “Open”.
Figure 18. Click the Tick Box to confirm you agree to the service Terms and Conditions, followed by “Send”.
Figure 19. Once you have clicked “Send”, a message will be displayed confirming your file has now been uploaded to the Government Gateway.
Do not log out of the Government Gateway or close your Internet browser until you receive the “File Stored” e-mail notification.
9 HMRC SET Using PGPTM desktop
Download files from the Government GatewayYou will receive an e-mail notification from the Government Gateway as below, when a file is ready for retrieval.
Example. File Awaiting Retrieval.
You must actively monitor the e-mail account specified in your HMRC SET Preferences as files are only stored on the Government Gateway for a period of 72 hours from the time of upload.
E-mail notifications (File uploaded)On successful upload to the Government Gateway you will receive the following e-mail notifications to the specified e-mail address in your HMRC SET Preferences.
• File Stored
• File Deleted
• File Processed
Example. File Stored – indicates successful upload to the HMRC SET servers.
If you do not receive the above notifications after sending files do not resend the file. Please contact the HMRC SET Customer Management Team for assistance.
10 HMRC SET Using PGPTM desktop
After 72hrs the file will be deleted and will no longer be available for retrieval.
You will receive additional e-mail notifications advising if a file has not been retrieved as follows
• 24 Hours Expiry Warning.
• File Automatically Deleted (failure to retrieve file after 72 hours).
If you have been unable to retrieve a file within 72 hours you will need to e-mail the HMRC SET Customer Management Team to request a resend of the data.
However any resends are at HMRC’s discretion and may incur a charge.
When you have received an e-mail notification that a file is awaiting retrieval, open your Internet browser and go to www.gateway.gov.uk
Log on to the HMRC SET service using your Government Gateway User ID and password, then select your TLS digital certificate when prompted as shown in the screens below.
If you encounter any issues logging onto the Government Gateway or accessing the HMRC SET web pages, please refer to the trouble shooting pages of this document or contact the HMRC SET Customer Management Team for assistance.
Figure 20. Once the Government Gateway site has loaded, select “Enter the Government Gateway”.
Figure 21. Enter your Government Gateway ID and password followed by clicking “Login”.
Figure 22. Select “HMRC Secure Electronic Transfer”.
11 HMRC SET Using PGPTM desktop
Figure 23. In the pop up, select your organisation’s TLS certificate and click “OK”.
When you have logged on successfully follow the instructions below to retrieve a file.
Figure 24. Using the menu on the left hand side select “Retrieve Files”.
Figure 25. Copy and Paste or manually enter the file name (provided in your e-mail notification) into the box and ensure the “Retrieve File” radio button is selected before clicking “Continue”.
Figure 26. On the next screen, click the Blue Hyperlink.
Do not use the “Confirm” button! If you click this button your file will be deleted.
12 HMRC SET Using PGPTM desktop
Figure 28. A pop up window will display. “Save” the file to your preferred location.
Do not alter the file name at this stage.
Figure 27. On the pop up window that displays you will be asked if you want to open or save the file. Select “Save”.
13 HMRC SET Using PGPTM desktop
Figure 29. Another pop up window will display once your file has completed downloading. Click “Close” when complete.
Decrypt downloaded filesOnce the file has been retrieved from the Government Gateway, open the directory (folder) where it was saved and follow the steps below to decrypt it.
PGP™ Desktop and HMRC SET’s standard test file have been used to illustrate the steps.
Figure 30. Right click on the file and select “Rename” from the menu. Remove the date and time so the file name ends in “.pgp”.
14 HMRC SET Using PGPTM desktop
Figure 31. Screen shot of an example file name once the date and time has been removed.
Figure 32. Once renamed, right click on the file, select “PGP Desktop” followed by “Decrypt & Verify”.
Figure 33. A pop up window will be displayed. Enter the passphrase and click “OK”.
111222333444.to.RiverLakeCompany.co.uk
*********
15 HMRC SET Using PGPTM desktop
Figure 35. If you cannot see two files where you saved your retrieved file, Maximise the PGP™ Desktop window, right click on the file showing in the verification window in PGP™ Desktop and select “Extract”.
Figure 34. Once you have entered the passphrase for your Private key, the PGP™ Desktop Verification History window will appear. Minimise the screen and browse to the location where the retrieved file was saved.
NB: If you now have two files (the file you retrieved and saved and a decrypted version of it) proceed to Figure 37. If you do not, continue to Figure 35.
111222333444.to.RiverLakeCompany.co.uk
*********
16 HMRC SET Using PGPTM desktop
Figure 36. A window will appear. Select where you wish to save your decrypted file and click “OK”.
Figure 37. Your file is now decrypted.
NB: Once the file is decrypted it is necessary to advise the HMRC SET Customer Management Team via the Government Gateway. See next step for details on how to do this.
Figure 38. From your Internet browser, load the Government Gateway website and select “Enter the Government Gateway” when the site has loaded.
Figure 39. Enter your Government Gateway ID and password followed by clicking “Login”.
17 HMRC SET Using PGPTM desktop
Confirm decrypted files
Figure 42. Using the menu on the left hand side select “Retrieve Files”. Figure 40. Select “HMRC Secure Electronic Transfer”.
Figure 41. In the pop up window, select your organisation’s TLS certificate and click “OK”.
18 HMRC SET Using PGPTM desktop
Figure 43. Enter the file name (stated in the ‘File Ready’ e-mail notification you received) in the space provided.Select the “File Processed” radio button (third radio button down) and then click “Continue”.You have now confirmed retrieval of the file from the Government Gateway and can Log Out.This action acknowledges to the HMRC SET Customer Management Team that your file was retrieved and decrypted successfully.
If you encounter any problems decrypting your retrieved file please contact your IT administrator or the HMRC SET Customer Management Team for assistance.
Troubleshooting – Unable to encryptEncryption Issues may include:
• incorrect passphrase
• incorrect keys used to encrypt
• expired keys
As a HMRC SET user, your IT administrator will have created and imported two Encryption & Signing keys (your organisation’s “To” and “From” keys) and will have received two HMRC Public keys (“To” and “From” HMRC keys) sent by the HMRC SET Customer Management Team.
Both sets of keys should have been imported into your encryption software.
To check this open your encryption software, selecting “Keys” followed by “All Keys”.
Select each key individually and right click, select “Key Properties” and view the expiry date of the key. By doing this you will be able to determine whether the key is still valid or requires renewing.
If you are unable to locate your passphrase, any of these four keys or have a query regarding the keys you are able to view, please contact your IT administrator or the HMRC SET Customer Management Team for assistance.
NB: When encrypting a file you should always encrypt using the recipients “To” key first, followed by signing the file with your organisation’s “From” key and entering your passphrase. Your encryption software should advise if the encryption of the file was successful or if there were any errors.
19 HMRC SET Using PGPTM desktop
Occasionally the TLS certificate may display as <CompanyName><12 Digit SET Reference Number(SRN)>LIVE<Date>.
If you successfully locate your TLS certificate, proceed to locating the Gateway Production Root certificate (.cer file).
This can be found through the same process but by selecting the “Trusted Root Certification Authorities” tab within the “Certificates” window, as shown opposite.
If you are unable to access any of these Internet options or locate either your TLS certificate or the Gateway Production Root certificate please refer to your IT department. Alternatively please contact the HMRC SET Customer Management Team for assistance.
Troubleshooting – Unable to log onto Government Gateway If you are unable to log onto the Government Gateway, for example: “Error 12202 – Page Cannot Be Displayed” or “Unable to Log User in” messages are displayed; you will need to check the following:
To ensure you are able to log on to the HMRC SET web pages you require a Transfer Layered Security (TLS) certificate and Gateway Production Root certificate. This authenticates yourself as a user of HMRC SET.
These will have been created and imported into your Internet browser on the PC used during the original installation or transferred to your PC by your IT department. To check you have these, open your Internet browser, select the “Tools” Menu, followed by “Internet Options”.
Once the “Internet Options” window appears, select “Content” followed by “Certificates”. Another window labelled “Certificates” will appear. An example is shown below.
NB: The default ‘Certificate Store’ is the “Personal Tab” in the “Certificates” window. This is likely to be where your TLS certificate (p.12 file) is installed to and can be identified by the certificate file name – following the format of Your CompanyNameTLSCertificate.p12
20 HMRC SET Using PGPTM desktop
Above: Example Password Confirmation Screen
Above. Example ID Confirmation screen
Troubleshooting – Unable to log onto Government GatewayIn addition to the TLS certificate and Government Gateway Production Root certificate you will also require your Government Gateway ID and password.
When enrolling, your IT administrator will have been asked to provide a password to use each time a user logs onto the Government Gateway.
Your IT administrator will also have been provided with a twelve digit Government Gateway ID. This is different to your organisation’s HMRC SET Reference Number and the HMRC SET Customer Management Team will not have a record of it.
If either or both of the above cannot be located please contact your IT administrator or the HMRC SET Customer Management Team for assistance.
NB: If neither can be located, you will be asked to provide an e-mail requesting to be de-enrolled on the Government Gateway. This will enable you to re-enrol and create a new ID and password in due course.
1234 5678 9123
21 HMRC SET Using PGPTM desktop
Troubleshooting – Unable to decryptUnable to decrypt issues may include:
• incorrect passphrase
• incorrect keys used to decrypt
• expired keys
As a HMRC SET user, your IT administrator will have created and imported two Encryption & Signing keys (your organisation’s “To” and “From” keys) and will have received two HMRC Public keys (To and From HMRC keys) sent by the HMRC SET Customer Management Team.
Both sets of keys should have been imported into your encryption software.
If you are using Government approved encryption tool software you can access all of your keys by Opening, Selecting “Keys” followed by “All Keys”.
Further to this, by selecting each key individually you will also be able to right click, Select “Key Properties” and see the expiry date of the key. By doing this you will be able to determine whether the key is still valid or requires renewing.
If you are unable to locate your passphrase, any of these four keys or have a query regarding the keys you are able to view, please contact your IT administrator or the HMRC SET Customer Management Team for assistance.
NB: When decrypting a retrieved file you should always rename the file (so the file ends “.pgp”) and decrypt using the recipients “From” key, followed by your organisation’s “To” key and entering your passphrase. Your encryption software should advise if the decryption of the file was successful or if there were any errors.
Troubleshooting – E-mail notificationsAs a HMRC SET user, your IT administrator will have specified an e-mail address for all Government Gateway e-mail notifications to be directed to.
If you have difficulty receiving these e-mail notifications please log onto the Government Gateway, select “Preferences” in the menu on the left hand side of the screen and ensure a valid e-mail address has been specified under the “E-mail” option.
You may also wish to check that all notifications will be directed to your specified e-mail address by selecting “Next”. The screen shot below shows all of the notification options you should have selected.
If your IT administrator is unable to resolve your issue please contact the HMRC SET Customer Management Team for further assistance.
22 HMRC SET Using PGPTM desktop
GlossaryTerm or abbreviation Description
Certificate (digital security certificate) Small electronic file of mathematical ciphers (HMRC SET uses these for encryption, signing and identity authentication)
Decryption The action of converting encrypted data back into its original form
Encryption The action of transforming data into an unreadable state (requiring the correct key to decrypt it)
Encryption key “To” keys in HMRC SET terminology use a Public half to encrypt data and a corresponding Private half to decrypt data
Encryption software HMRC SET uses applications capable of applying Public and Private keys to files in order to encrypt and decrypt them
File Transfer Schedule A spread sheet HMRC SET Users complete to obtain HMRC’s pre-approval for the data transfers (returns)
From key HMRC SET terminology for a signing key that proves the identity of an encrypted file’s sender
Government Gateway (GGW) The generic Government website (www.gateway.gov.uk) that hosts the HMRC SET service
HMRC Her Majesty’s Revenue & Customs
HMRC SET HMRC’s Secure Electronic Transfer (SET) service – enables users of HMRC SET to transfer encrypted files between their organisation and HMRC
HMRC SET Customer Management Team Dedicated team who provide help and assistance to HMRC SET service users ([email protected])
HMRC SET Preferences User configured parameters (e-mail address) required before HMRC SET can route a customer’s file transfers
HMRC SET Reference Number (SRN) Unique 12 digit identifying number issued to HMRC SET Customers by the HMRC SET Customer Management Team
HMRC SET website Web pages hosted on the GGW that enable HMRC SET customers to send and receive files securely
Internet browser Software application used to access web pages on the Internet (such as Microsoft Internet Explorer)
Key Digital security certificates, often referred to as keys
P12, PEM, ASC, PGPTM and TXT File extensions associated with digital security certificates. Many files are renamed “.txt” to allow them to be e-mailed
Passphrase Free text Passphrase /Password created by your organisation’s IT administrator
PGPTM A cryptography tool, capable of encryption and decryption; to protect data against unauthorised access
Public Private key pair One way encryption in which data encrypted by a Public key can only be decrypted by the corresponding Private key
Signing key “From” keys in HMRC SET terminology use a Private half to sign data and are verified with the corresponding Public half
TLS (Transport Layer Security) A certificate protocol used to create secure data tunnels over insecure networks such as the Internet
To key HMRC SET terminology for an encryption key used to encrypt and decrypt data
Verification history The encryption and decryption logs generated by and stored within encryption software
Issued by HM Revenue & CustomsMarch 2013 © Crown Copyright 2013