Cryptographic Operations

Native PGP encryption supports cryptographic operations such as encryption, decryption, signing, and verification using Bouncy Castle APIs.

You can create Business Processes that execute PGPPackageService and PGPUnpackageService at runtime to perform these cryptographic operations.

PGP Encryption

The business process uses PGPPackageService to encrypt the primary document.

<process name="NativePGP_Encryption">
  <sequence>
    <operation name="PGP Package Service">
      <participant name="PGPPackageService"/>
      <output message="PGPPackageServiceTypeInputMessage">
        <assign to="." from="*"></assign>
        <assign to="compress">on</assign>
        <assign to="profile_name">AFTPGPProfile</assign>
        <assign to="public_user">0x3D89E40867379E96</assign>
      </output>
      <input message="inmsg">
        <assign to="." from="*"></assign>
      </input>
    </operation>
  </sequence>
</process>

PGP Decryption

The business process uses PGPUnpackageService to decrypt, or to decrypt and verify, the primary document.
Note:
  • The decryption key is mandatory in Sterling File Gateway for a partner to verify the signature.
  • In a clustered environment, you must have a common NFS location where the processed (encrypted and signed) file is stored; the decryption service takes the file from that location and decrypts and verifies it.
For decryption, you must pass secret_keymap_name, which is defined in AFTPGPProfile.

PGP Decryption
<process name="Native_PGP_Decrypt">
  <sequence name="optional">
    <operation name="One">
      <participant name="PGPUnpackageService"/>
      <output message="Xout">
        <assign to="." from="*"></assign>
        <assign to="profile_name">AFTPGPProfile</assign>
        <assign to="secret_keymap_name">IMDADKEY000</assign>
      </output>
      <input message="Xin">
        <assign to="." from="*"></assign>
      </input>
    </operation>
  </sequence>
</process>

PGP Decryption with verification

Decryption with verification
<process name="Native_pgp_dec_ver">
  <sequence name="optional">
    <operation name="One">
      <participant name="PGPUnpackageService"/>
      <output message="Xout">
        <assign to="." from="*"></assign>
        <assign to="profile_name">AFTPGPProfile</assign>
        <assign to="secret_keymap_name">Decryption</assign>
      </output>
      <input message="Xin">
        <assign to="." from="*"></assign>
      </input>
    </operation>
  </sequence>
</process>

PGP Encryption with digital signature

The business process uses PGPPackageService to encrypt and sign the primary document. For signing, you must pass secret_keymap_name, which is defined in AFTPGPProfile.

<process name="Native_PGP_Enc_Sign">
  <sequence>
    <operation name="PGP Package Service">
      <participant name="PGPPackageService"/>
      <output message="PGPPackageServiceTypeInputMessage">
        <assign to="." from="*"></assign>
        <assign to="compress">on</assign>
        <assign to="profile_name">AFTPGPProfile</assign>
        <assign to="public_user">0x3D89E40867379E96</assign>
        <assign to="secret_keymap_name">SignKey</assign>
      </output>
      <input message="inmsg">
        <assign to="." from="*"></assign>
      </input>
    </operation>
  </sequence>
</process>

PGP Signing

The business process uses PGPPackageService to sign the primary document. For signing, you must pass secret_keymap_name, which is defined in AFTPGPProfile.

<process name="Native_PGP_Sign">
  <sequence>
    <operation name="PGP Package Service">
      <participant name="PGPPackageService"/>
      <output message="PGPPackageServiceTypeInputMessage">
        <assign to="." from="*"></assign>
        <assign to="compress">on</assign>
        <assign to="profile_name">AFTPGPProfile</assign>
        <assign to="secret_keymap_name">SignKey</assign>
      </output>
      <input message="inmsg">
        <assign to="." from="*"></assign>
      </input>
    </operation>
  </sequence>
</process>

PGP Verification

The business process uses PGPUnpackageService to verify the digital signature on the primary document.

<process name="Native_PGP_SignVerification">
  <sequence name="optional">
    <operation name="One">
      <participant name="PGPUnpackageService"/>
      <output message="Xout">
        <assign to="." from="*"></assign>
        <assign to="profile_name">AFTPGPProfile</assign>
      </output>
      <input message="Xin">
        <assign to="." from="*"></assign>
      </input>
    </operation>
  </sequence>
</process>

Clear Signature

Clear signature and clear-signature verification are supported only for text and XML files; binary files are not supported. The SHA224 hash algorithm is also not supported.

Attention: When you encrypt or sign binary files such as .doc or .docx with the Sterling B2B Integrator CLA2 adapter and then decrypt or verify the same document with Native PGP Server, it is recommended that you do not enable textmode, regardless of whether ASCII Armor is enabled.
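As an added example (not Sterling B2B Integrator or Bouncy Castle code), a Python pre-check for the two limits stated in this section: it rejects input that is not text/XML before a file is routed to clear signing, and it parses an RFC 4880 cleartext-signed message to flag a declared SHA224 hash before the message reaches verification. The sample message is constructed and its signature body is a placeholder; the code inspects the framework only and does not verify the signature.

```python
BEGIN_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"
UNSUPPORTED_HASHES = {"SHA224"}  # the one algorithm this page rules out

def is_clear_signable(data: bytes) -> bool:
    """'Text or XML only' heuristic: reject NUL bytes and invalid UTF-8 (a .docx is a ZIP)."""
    if b"\x00" in data:
        return False
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True

def parse_cleartext_signature(message: str) -> dict:
    """Split an RFC 4880 section 7 cleartext-signed message into declared hash algorithms,
    dash-unescaped signed text and the armored signature block. Nothing is verified here."""
    lines = message.splitlines()
    # list.index raises ValueError if a framework line is missing or out of order.
    start = lines.index(BEGIN_SIGNED)
    sig_start = lines.index(BEGIN_SIG, start)
    sig_end = lines.index(END_SIG, sig_start)
    hashes, i = set(), start + 1
    while i < sig_start and lines[i] != "":  # armor headers end at the first blank line
        key, _, value = lines[i].partition(":")
        if key.strip() == "Hash":  # may list several: "Hash: SHA256, SHA512"
            hashes.update(h.strip().upper() for h in value.split(","))
        i += 1
    # Signed text follows the blank line; strip the "- " dash-escape prefix from each line.
    text = "\n".join(ln[2:] if ln.startswith("- ") else ln for ln in lines[i + 1:sig_start])
    return {"hashes": hashes, "text": text,
            "signature": "\n".join(lines[sig_start:sig_end + 1])}

def unsupported_hashes(message: str) -> set:
    """Declared hash algorithms that this page says the clear-signature path does not support."""
    return parse_cleartext_signature(message)["hashes"] & UNSUPPORTED_HASHES

# Constructed sample; the signature body is a placeholder, not a real signature.
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA224

- -- invoice 42 --
total: 100
-----BEGIN PGP SIGNATURE-----

CONSTRUCTED-PLACEHOLDER-SIGNATURE-BODY
-----END PGP SIGNATURE-----
"""
```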