TDE is all about the Encryption Hierarchy being established (Master Key (master database), Certificate (master database), Database Encryption Key (user database)) on the log shipping side. So if you created the Master Key on the secondary side and then back up the certificate on the primary database server and restore it on the secondary server, then you will be allowed to restore the copy of the database on the secondary. That is first.
Second, the SFTP, you could use PowerShell and WINSCP to automatedly send data to the SFTP server and on the secondary use it to pull the files down then restore them.
You will NOT be able to get the built-in Log Shipping mechanisms to interact with SFTP, so it is more of an automation than a feature built-in to SQL Server.
I have done this so many times before so I know you can do it. Let me know if you need more on TDE, etc. I will gather the PowerShell scripts and put them up on https://github.com/dbaduck in a LogShippingSFTP folder.