Preparing to use PGP

About this task

PGP encryption is supported by Sterling File Gateway, in combination with FTP and other protocols.

For producers sending PGP packaged files, files are processed in accordance with the routing channels and their templates when a partner is the producer for the channel. Encrypted files will be decrypted using the router's secret PGP key and signed files will be verified using the producer's public key if it is present in the Public Key Ring.

For consumers, you specify in the Create Partner wizard that messages sent to the consumer must be encrypted, signed, or both. The PGP options of compression, text mode and ASCII armor can also be specified for each consumer.

The settings for the producer are independent of the settings for the consumers. If the producer is set to Encryption, the producer can send only encrypted files, regardless of the consumer's setting. If the producer is set to No Encryption and the consumer is set to Encryption, the producer sends unencrypted files and the Router encrypts them before sending them to the consumer.

Producers may unilaterally (without prior negotiation) choose to use PGP compression for their files. Consumers may be configured such that Sterling File Gateway also performs compression while it is packaging the PGP file before sending to them.

Prior to creating a community with partners to use PGP, you must do the following:

Procedure

  1. Install one of the supported PGP vendor's products.
    Tip: Currently, Sterling B2B Integrator/Sterling File Gateway supports GNU Privacy Guard (GPG) version 2.0.22.
  2. Start a <install_dir>/client/cmdline2/CLA2Client.jar process on the machine that the PGP vendor's product runs on.
    Restriction: When installing Sterling B2B Integrator/Sterling File Gateway on a Certified Container Platform, do not use the GPG version included in the Sterling B2B Integrator image. Instead, set up GPG externally and access it using the remote CLA2 adapter.
  3. Edit the PGPCmdlineService (which is a configuration of the Command Line 2 adapter) in Sterling B2B Integrator, or create a new configuration of the Command Line 2 adapter. Set the following parameters:
    • Remote Name - IP address or machine name for the machine where the PGP server is running
    • Remote Port - the port number on the PGP server machine that the CLA2Client.jar is listening on
    • Working directory (optional)
  4. If you create a new configuration of the Command Line 2 adapter, edit the customer_overrides.properties file to override the default setting for the pgpCmdline2svcname parameter in the filegateway.properties file to point to the new configuration.
  5. Create a PGP profile in Sterling B2B Integrator. Name the profile AFTPGPProfile. The Sterling File Gateway Router can only work with a profile that has this name and cannot use any other PGP profiles defined in Sterling B2B Integrator.
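
The following preflight check for the GPG host is an added example, not part of the product documentation or IBM code. It confirms the supported GPG version, the router's secret key, and the producer's public key. It assumes the key rings in use are the default keyrings of the account that runs gpg; the key IDs and the sample listing are constructed placeholders.

```shell
#!/bin/sh
# Added example (not IBM code): preflight checks for the GPG host.
SUPPORTED_GPG="2.0.22"   # version named in the Tip in step 1

# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
SAMPLE_PUB='pub:u:2048:1:AAAAAAAAAAAAAAAA:1400000000:::u:::scESC:
pub:e:2048:1:BBBBBBBBBBBBBBBB:1300000000:1350000000::-:::sc:'

# Print the version from the first line of `gpg --version` read on stdin.
gpg_version() {
    awk 'NR == 1 { print $NF }'
}

# Succeed if the --with-colons listing on stdin holds a usable key.
#   $1 = record type: "sec" (secret key) or "pub" (public key)
#   $2 = 16-hex-digit key ID, matched against field 5
# Field 2 is validity: e, r, d, i = expired, revoked, disabled, invalid.
has_usable_key() {
    awk -F: -v rec="$1" -v id="$2" '
        $1 == rec && toupper($5) == toupper(id) && $2 !~ /^[erdi]$/ { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Check the live keyring. $1 = router key ID, $2 = producer key ID
# (hypothetical arguments; supply your own key IDs).
preflight() {
    rc=0
    v=$(gpg --version | gpg_version)
    [ "$v" = "$SUPPORTED_GPG" ] || { echo "FAIL: gpg $v, expected $SUPPORTED_GPG"; rc=1; }
    gpg --list-secret-keys --with-colons | has_usable_key sec "$1" ||
        { echo "FAIL: router secret key $1 missing or unusable"; rc=1; }
    gpg --list-keys --with-colons | has_usable_key pub "$2" ||
        { echo "FAIL: producer public key $2 missing or unusable"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: GPG host ready"
    return "$rc"
}

# Offline demonstration on the constructed sample: the expired key is rejected.
for id in AAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBB; do
    if printf '%s\n' "$SAMPLE_PUB" | has_usable_key pub "$id"; then
        echo "$id usable"
    else
        echo "$id missing or unusable"
    fi
done
```

To check a live keyring, call `preflight` with the router's and the producer's key IDs on the machine where gpg and CLA2Client.jar run.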