PGP Unpackage Service

Pretty Good Privacy (PGP) is an open standard data encryption and decryption tool. The PGP Unpackage service, with the PGP Server Manager, decrypts documents and verifies their signatures.

The following table provides an overview of the PGP Unpackage service:

Category Description
System name PGP Unpackage service
Graphical Process Modeler (GPM) category All Services
Description This service is used to decrypt and verify the signature of a document based on the Open PGP standard, by using a public key or conventional cryptography.
Business usage Use this service to decrypt or verify the signature of the document in the document area.
Usage example A business process is executed to decrypt or verify the signature of the document based on the PGP profile. See PGP Server Manager.
Preconfigured? Yes
Requires third-party files? No
Platform availability All supported Sterling B2B Integrator platforms, with a supported PGP software version installed that is also supported for the installed version of Sterling B2B Integrator.
Related adapters The PGP Unpackage service works with the following services:
  • Command Line Adapter 2
  • PGP Package service
Application requirements Before using this service, install one of the supported PGP software versions. For more information, see Create a PGP Server Profile.
Initiates business processes? This service does not initiate business processes. This service cannot be used without a business process.
Invocation A user who has permission to perform this activity must execute the business process that invokes this service.
Business process context considerations The configuration parameters and the outgoing documents are picked up by the service in the business process context. In the receiving mode, the service puts the incoming documents into the business process context.
Returned status values Returned status values:
  • 0 - Success
  • 1- Error
See Advanced Status Messages for a list of advanced statuses. Exit Codes will be displayed in the Advanced Status column, pre-pended by [PGPErrorCode].
Restrictions None
Persistence level None
Testing considerations Create the profile in the PGP Server Manager. This profile stores information about the PGP server, including PGP Type, PGP Executable, PGP Path, the location of the public key ring, the secret key ring, and the random number seed. It enables you to create key maps for secret key sets and conventional key sets. A pre-defined Command Line Adapter 2 (PGPCmdlineService) is installed with Sterling B2B Integrator. The Command Line Adapter 2 is used for large file support (streaming). Start the remote Command Line 2 client. For more information about enabling and installing the Command Line Adapter 2, see Command Line Adapter 2 (V5.2.4.1 and interim fix 5.2.4.1_2 or later).

Implement the PGP Unpackage Service

To implement the PGP Unpackage service, complete the following tasks:
  1. Activate your license for the PGP Unpackage service.
  2. Create a PGP profile, using the PGP Server Manager.
  3. Create a PGP Unpackage service configuration.
  4. Configure the PGP Unpackage service.
  5. Use the PGP Unpackage service in a business process.

Configure the PGP Unpackage Service

Before configuring the PGP Unpackage service, consider the following:
  • If the secret_keymap_name and conv_keymap_name parameters are not present, the PGP Unpackage service will verify the signature of the document only.
  • If one of the keymap_name parameters is present, it will use the information of the keymap_name to decrypt.
  • If there is a signature in the document, the verification of the signature will be done automatically.

To configure the PGP Unpackage service, specify the settings for the fields in the GPM. These fields are described in the subsequent table.

Field Description
Config Name of the service configuration.
workingDir The working directory where files for decryption or verification will be read from or written to. You must set this parameter in this field or in the associated Command Line 2 adapter configuration.
remoteName Remote name or IP address where the remote adapter implementation is running. Optional if the cmdline2svcname field is defined in the Command Line 2 adapter. You must set this parameter in this field or in the associated Command Line 2 adapter configuration.
remotePort Remote port that the remote adapter implementation is listening on. Optional if the cmdline2svcname field is defined in the Command Line 2 adapter. You must set this parameter in this field or in the associated Command Line 2 adapter configuration.
profile_name The name of PGP profile. Required.
secret_keymap_name Key name defined in the secret key ring in the PGP profile. Required for decryption (public key cryptography).
conv_keymap_name Key name defined in the public key ring in the PGP profile. Required for decryption (conventional cryptography).
DocumentId The document identifier for the document to be processed. The default document for processing is the primary document. Optional.
cmdline2svcname If not using the default configuration of the Command Line 2 adapter (PGPCmdlineService), enter the name of the configuration to be used. Optional.
outputfilename Output file name. For E-Business Server, outputfilename must have an extension of .asc or .pgp. If a different extension is used, outputfilename will be appended with .asc. For all versions, if outputfilename is not specified, the file name is retrieved from the name of the primary document or the body name of a document and is appended with the following:
  • *.asc during normal encryption
  • .exe during SDA process
  • .pga during pgparchive process
Optional.
pgp_partner_name The partner name used in encryption and signing. If specified, the business processes the parameters you specify in the selected partner profile. Required if you specify a value in the pgp_sponsor_name parameter. The values you specify in the GPM override the values you specify in the profile.
pgp_sponsor_name The sponsor name used in encryption and signing. If specified, the business processes the parameters you specify in the selected sponsor profile. Required if you specify a value in the pgp_partner_name parameter. The values you specify in the GPM override the values you specify in the profile.
tmpDir The directory location for temporary scratch files. If not specified, the temporary files are written in the current working directory. If the shell environmental variable TMP is defined, PGP stores temporary files in the named directory. Optional.
info How much information is returned. Valid values are:
  • Quiet - Only displays error messages. Not available with all PGP software versions. If selected, defaults to normal mode.
  • Normal - Displays warnings and error messages. Default.
  • Verbose - Displays helpful messages, warnings, and error messages. Use this setting to diagnose problems. Not available with all PGP software versions. If selected with other versions, defaults to normal mode.
  • Debug - Displays developer-level output in addition to the output produced by the other levels. This level may include the display of internal data, statistics, trace information, and return codes from internal functions. Do not use unless instructed to do so. Not available with all PGP software versions. If selected, defaults to normal mode.
Optional.

The following table contains the parameters that are passed from the PGP Unpackage service to the business process:

Parameter Description
Action (PGP/Action) Action of this PGP execution. Valid values are DECRYPT and VERIFY. Required.
FileName (PGP/FileName) The name of the file which is being processed. Required.
DocumentPGP/Document() The processed document is placed in Process Data – not as Primary Document. The attribute is the SCIObjectID, which allows the user to click on it for viewing the content of the processed document. Required.
DocumentId (PGP/DocumentId) The document identifier of the document. Required.
Status (PGP/Status) The status shows if this process has completed successfully or failed. Valid values are Success and Error. Required.
ErrorCodePGP/ErrorCode() This is the exit value returned from executing PGP commands. This will be shown when the Status is ‘Error'. Optional.
ErrorDescription (PGP/ ErrorDescription) This is the error description based on the ErrorCode. This will be shown when the Status is ‘Error'. Optional.

Business Process Example - Decrypt Operation (Public Key Decryption)

The following business process uses the PGP Unpackage service to decrypt the primary document in the document area. The profile is based on PGP107. In this case, the default Command Line 2 adapter configuration, PGPCmdlineService, is used to execute the decrypt command. It uses the working directory, remote name and port stated in the business process. Therefore, these values will override any pre-configured values in PGPCmdlineService. 

<process name="PGP_Decrypt "> 
  <sequence name="optional"> 
   <operation name="One"> 
      <participant name=" PGPUnPackageService "/> 
      <output message="Xout"> 
               <assign to="." from="*"></assign> 
               <assign to="profile_name">PGP107</assign>  
               <assign to=" secret_keymap_name"> my_secret </assign>
               <assign to="workingDir">/server1/tmp</assign> 
               <assign to="remoteName">00.000.00.000</assign> 
               <assign to="remotePort">12345</assign> 
    </output> 
     <input message="Xin"> 
               <assign to="." from="*"></assign> 
     </input> 
   </operation> 
  </sequence> 
</process>

Business Process Example - Verify Operation

The following business process uses the PGP Unpackage service to verify the primary document in the document area. The profile is based on PGP107. In this case, the Command Line 2 adapter configuration called MyCLA2 is used to execute the commands. The remote name, port and working directory have been pre-configured in the service configuration. Therefore, they are not required in the business process. 

<process name="PGP_Verify"> 
 <sequence name="optional"> 
    <operation name="One"> 
      <participant name="PGPUnPackageService "/> 
      <output message="Xout"> 
               <assign to="." from="*"></assign> 
               <assign to="profile_name">PGP107</assign>  
               <assign to="cmdline2svcname">MyCLA2</assign>
    </output> 
     <input message="Xin"> 
               <assign to="." from="*"></assign> 
     </input> 
   </operation> 
  </sequence> 
</process>

Business Process Example - OnFault Handling

The following business process shows onFault handling with the PGP Unpackage service.

 <process name="PGP_Decrypt"> 
 <sequence name="optional"> 
    <operation name="One"> 
      <participant name="PGPUnPackageService "/> 
      <output message="Xout"> 
               <assign to="." from="*"></assign> 
               <assign to="profile_name">PGP107</assign>  
               <assign to=" secret_keymap_name"> si_secret </assign>
               <assign to="workingDir">/server1/tmp</assign> 
               <assign to="remoteName">00.000.00.000</assign>
               <assign to="remotePort">12345</assign>  
    </output> 
     <input message="Xin"> 
               <assign to="." from="*"></assign> 
     </input> 
   </operation> 
               <assign to="Status">The file is decrypted successfully</assign> 
   <onFault>
               <assign to="Status">General Error Occurred</assign>
            </onFault>
            <onFault code="[PGPErrorCode] Decryption error">
               <assign to="Status">Decryption error</assign>
            </onFault> 
 </sequence> 
</process>

Business Process Example - PGP Partner and PGP Sponsor

The following business process uses the PGP Partner and PGP Sponsor services to decrypt and verify documents.

<process name="use_partner_sponsor">
  <operation name="PGP Unpackage Service">
    <participant name="PGPUnpackageService"/>
       <output message="PGPUnpackageServiceTypeInputMessage">
     <assign to="pgp_partner_name">partner</assign>
     <assign to="pgp_sponsor_name">sponsor</assign>
     <assign to="profile_name">pgp</assign>
     <assign to="." from="*"></assign>
   </output>
    <input message="inmsg">
     <assign to="." from="*"></assign>
   </input>
  </operation> 
</process>

Advanced Status Messages

Exit Codes from E-Business Server

The following table contains exit codes from E-Business Server. The content of the description field will be displayed in the Advanced Status column, preceded by [PGPErrorCode]:

Status Description
0 Exit OK, no error
1 Invalid file
2 File not found
3 Unknown file
4 Batch mode error
5 Bad argument
6 Process Interrupted
7 Out of memory error
8 Environment error
20 Signature error
21 Public Key Encryption error
22 Encryption error
23 Compression error
30 Signature Check error
31 Public Key Decryption error
32 Decryption error
33 Decompression error
34 Keyring locked error
101 File parsing error

Exit Codes from PGP Command Line

The following table contains exit codes from PGP Command Line. The content of the description field will be displayed in the Advanced Status column, preceded by [PGPErrorCode]:

Status Description
0 PGP Command Line exited successfully.
64 Parser error.
71 Bad data was received from the operating system at startup.
128 An internal error occurred.
129 An initialization failure occurred on startup.
130 A user interrupt occurred.
145 Error purging a cache: passphrase, keyring, or both.
146 Error creating keyring files.
147 Error during a speed test operation.
160 Complete failure during a file wipe.
161 Partial fail, partial success during a file wipe (one file wiped, one not, for example).
162 Complete failure during an encode.
163 Partial failure during an encode.
164 Complete failure during a decode.
165 Partial failure during a decode.
210 Error during one of the key list operations.
220 Error during key maintenance.
221 Error when checking signatures.
222 Error when checking user IDs.
230 Error during one of the key edit operations.
240 Error during one of the key server operations.
245 Error with supplied license.
251 License is expired.
255 An unknown error occurred.

Errors During Validation

The following table contains errors that result from the PGP Unpackage service when it validates information before executing PGP commands on the remote server. The content of the status field will be displayed in the Advanced Status column:

Status Description
Error in accessing the document with a given DocumentId The DocumentId value given in the bpml is incorrect.
Fail to get data from Primary Document There is no Primary Document. Primary Document is mandatory.
You must enter one of these BPML Params: 'public_user' or 'secret_keymap_name' or 'conv_keymap_name' Either one of the BPML Parameters must be present for PGP to encrypt, sign or encrypt and sign.
Incorrect Profile Name in BPML Param: 'profile_name'. It is not found in the PGP Server Manager The profile_name value given in the bpml is incorrect.
Incorrect Key Name (BPML Param: 'secret_keymap_name'). It is not found in the PGP Profile's Secret KeyMap The secret_keymap_name value given in the bpml is incorrect.
Incorrect Key Name (BPML Param: 'conv_keymap_name'). It is not found in the PGP Profile's Conventional KeyMap The conv_keymap_name value given in the bpml is incorrect.