The OpenPGP connector supports encryption, decryption, signing, and verification according to the Open Pretty Good Privacy standard.

Key Capabilities

  • Complete OpenPGP encryption, decryption, signing, and signature verification with multiple algorithm support
  • Encoding mode (encrypt/sign) and decoding mode (decrypt/verify) with compression options
  • Keyring management and ASCII armor encoding for readable encrypted data transmission

Overview

OpenPGP connectors are the primary way to protect data in a flow. OpenPGP connectors operating in Encode mode can encrypt and/or sign files, and OpenPGP connectors operating in Decode mode can decrypt files and/or verify signatures. Encryption and signature verification require a public OpenPGP key, and decryption and signing require a private OpenPGP key. These keys must be created or imported into OpenPGP keyring files (.gpg) before you can use them with the application.

Connector Configuration

This section contains all of the configurable connector properties.

Settings Tab

Configuration

Settings related to the core operation of the connector.

| Setting | Description |
| --- | --- |
| Connector Id | The static, unique identifier for the connector. |
| Connector Type | Displays the connector name and a description of what it does. |
| Connector Description | An optional field to provide a free-form description of the connector and its role in the flow. |
| Operation | Whether the connector is encoding or decoding incoming files. Encoding includes encrypting and signing data, and decoding includes decrypting data and verifying signatures. The connector settings change based on this setting. |

Message Settings

Settings related to creating an OpenPGP message. Only available when encoding.

| Setting | Description |
| --- | --- |
| Message Security | Whether the connector should create an encrypted message, a signed message, or both a signed and encrypted message. |
| Compression | Whether the connector should compress the message before encrypting and/or signing it. |
| Encryption Algorithm | The symmetric algorithm to use when encrypting. |
| Signature Algorithm | The hash algorithm to use when signing. |
| Compression Method | The compression algorithm to use when compressing. |

Keys

Settings related to the OpenPGP keys used by the connector. Encryption and signing are only available when encoding, while verification and decryption are only available when decoding.

| Setting | Description |
| --- | --- |
| Encryption Key | The user Id identifying the public key in a public keyring to use when encrypting. Import a public keyring file to view the available user Ids. |
| Signing Key | The user Id identifying the private key in the secret keyring to use when signing. Import a secret keyring file to view the available user Ids. |
| Verification Key | The user Id identifying the public key in the public keyring to use when verifying signatures. Import a public keyring file to view the available user Ids. |
| Decryption Key | The user Id identifying the private key in the secret keyring to use when decrypting. Import a secret keyring file to view the available user Ids. |
| Passphrase | When encoding: the passphrase for the selected private signing key. When decoding: the passphrase for the selected private decryption key. |

Advanced Tab

Advanced Settings

Settings not included in the previous categories.

| Setting | Description |
| --- | --- |
| ASCII Armor | Whether ASCII-encoding should be applied to OpenPGP messages generated by the connector. |
| Clear Signature | Whether the OpenPGP signature should appear in clear text. Not applicable when encrypting messages. |
| Processing Delay | The amount of time (in seconds) by which the processing of files placed in the Transactions tab is delayed. This is a legacy setting. Best practice is to use a File connector to manage local file systems instead of this setting. |
| Local File Scheme | A scheme for assigning filenames to messages that are output by the connector. You can use macros in your filenames dynamically to include information such as identifiers and timestamps. For more information, see Macros. |

Message

Logging

Miscellaneous

Automation Tab

Settings

Settings related to the automatic processing of files by the connector.

| Setting | Description |
| --- | --- |
| Send Automation | Whether messages arriving at the connector are automatically processed. |

Performance

Alerts Tab

SLAs Tab

Encoding

When encoding files, configure each of the settings under Message Settings. These determine how the file is encoded. If encryption is required, specify a public encryption key in the Encryption Key field. If signing is required, specify a private signing key in the Signing Key field. To select a key in a keyring, import the keyring file then use the dropdown to choose a user Id. To sign with a private key, provide the Passphrase required to access the private key. You can enable the ASCII Armor option on the Advanced tab to ASCII-encode encrypted data so that it remains readable. You can use the Clear Signature option if the signature should appear in clear text (not possible when encrypting files). Once you set these options, files sent to the input directory of the OpenPGP connector are automatically encoded.

Decoding

When decoding files, the connector automatically attempts to determine what encryption and/or signature algorithms were applied, so you do not need to configure the connector for specific algorithms. If decryption is required, specify a private decryption key in the Decryption Key field (supply the private key that corresponds to the public key that was used to encrypt). If signature verification is required, specify a public verification key in the Verification Key field (supply the public key that corresponds to the private key used to sign). To select a key in a keyring, import the keyring file then use the dropdown to choose a user Id. To decrypt with a private key, provide the Passphrase required to access the private key. Once you set these options, files sent to the input directory of the OpenPGP connector are automatically decoded: encrypted files are decrypted, and signed files are verified.

Creating Keys

To create a key:
  • Select Import/Export > Create Key to begin creating a new OpenPGP key pair:
    • If the connector is in Encode mode, this is next to Signing Key.
    • If the connector is in Decode mode, this is next to Decryption Key.
  • Enter the following information:
    • User Id: Provide at least First Name or Email to create a key. The User Id for the key is comprised of the first name, last name, and email fields in the key creation wizard.
    • Passphrase: Enter a passphrase to protect the private key. The passphrase is used in the decrypt, encrypt, and sign operations.
    • Key Encryption Algorithm and Key Signature Algorithm: Select the encryption algorithm that corresponds to the desired strength of your encryption. Select the signature algorithm that corresponds to the desired length of the hash of the message.
  • Click Create Key. Keys are created in the data/~Profiles/OpenPGP folder relative to the Application Directory.

Macros

Examples

Common Errors

Error: Unknown PGP Packet tag

When attempting to decode a GPG message using the OpenPGP connector, you might get the error Unknown PGP Packet tag on the Transactions tab and in the logs.

Cause

The GPG message has been encrypted with the AEAD cipher. AEAD is a cipher that is still in draft, and the application does not yet support it.

Resolution

GPG messages encrypted in GPG 2.3.0 and later using keys created in GPG 2.3.0 and later need to be encrypted using the following options to disable the cipher:

    --force-mdc --rfc2440 --encrypt

GPG packets encrypted in earlier releases or encrypted in GPG 2.3.0 or later using keys created in prior releases are not affected.
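To confirm that a rejected file is the AEAD case before asking the sender to re-encrypt, you can inspect its top-level packet headers. The following is an added example, not part of the product or its documentation: it assumes the unrecognized packet is the draft AEAD Encrypted Data packet (tag 20) that GnuPG 2.3 writes, and the function names and sample bytes are this example's own.

```python
import base64

# Tag 20 is the draft AEAD Encrypted Data packet; 9 and 18 are the RFC 4880 ones.
ENCRYPTED = {9: "symmetrically encrypted, no integrity check",
             18: "symmetrically encrypted with MDC", 20: "AEAD encrypted (draft)"}

def dearmor(data: bytes) -> bytes:
    """Return binary packets, decoding ASCII armor when it is present."""
    lines = [l.strip() for l in data.strip().splitlines()]
    if not lines or not lines[0].startswith(b"-----BEGIN PGP"):
        return data
    body = lines[lines.index(b"") + 1:-1]   # after armor headers, before END line
    return base64.b64decode(b"".join(l for l in body if not l.startswith(b"=")))

def packet_tags(data: bytes) -> list:
    """Walk top-level packet headers (old and new format) and return the tags."""
    tags, i = [], 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError(f"no OpenPGP packet header at offset {i - 1}")
        if hdr & 0x40:                      # new-format header
            tag, partial = hdr & 0x3F, True
            while partial:                  # partial-length chunks chain together
                o = data[i]
                partial = 224 <= o < 255
                if o < 192: n, i = o, i + 1
                elif o < 224: n, i = ((o - 192) << 8) + data[i + 1] + 192, i + 2
                elif o == 255: n, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
                else: n, i = 1 << (o & 0x1F), i + 1
                i += n
        else:                               # old-format header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)  # 1, 2 or 4 length octets
            if size == 8:                   # length type 3: indeterminate, runs to end
                i = len(data)
            else:
                i += size + int.from_bytes(data[i:i + size], "big")
        tags.append(tag)
    return tags

def encrypted_container(data: bytes) -> str:
    """Describe the encrypted-data packet a message uses, or report none found."""
    found = [t for t in packet_tags(dearmor(data)) if t in ENCRYPTED]
    return f"tag {found[0]}: {ENCRYPTED[found[0]]}" if found else "no encrypted data packet"

# Constructed samples: new-format headers with dummy bodies, not real ciphertext.
AEAD_MSG = bytes([0xC1, 4]) + b"\0" * 4 + bytes([0xD4, 8]) + b"\0" * 8   # tags 1, 20
MDC_MSG = bytes([0xC1, 4]) + b"\0" * 4 + bytes([0xD2, 8]) + b"\0" * 8    # tags 1, 18
if __name__ == "__main__":
    print(encrypted_container(AEAD_MSG), "|", encrypted_container(MDC_MSG))
```

A file that reports tag 20 needs to be re-encrypted by the sender with the options listed in the Resolution; a file that reports tag 18 or 9 is not the AEAD case.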