How to: Set Up GPG Decryption for Files


GPG (GNU Privacy Guard) encryption adds a layer of security to the SFTP (secure file transfer protocol) process. In this article, you'll learn how to decrypt GPG encrypted files. First, you'll learn how to set up a Decryption (GPG) service. Then, you'll learn how to use the Unqork internal GPG Decrypt a File service. This internal service decrypts a file using the details provided in your Decryption (GPG) service.

What You'll Learn

In this how-to guide, you’ll learn how to set up the GPG Decryption service and build a module to decrypt files GPG Encrypted files.

What You Need

To set up the GPG Decryption service, you need:

  • 1 Plug-In component
  • 1 Hidden component

NOTE  These instructions assume you have an open module saved with a title.


Before configuring the module, set up the decryption service to connect with the party sending GPG encrypted files.

Set Up the Decryption (GPG) Service

First, you need to set up a Decryption (GPG) service in Services Administration.

NOTE  A public/private GPG keypair is required to set up the service in Services Administration. Then, you can provide the public key to the party that sends encrypted files to your Unqork application. View the Gnu Privacy Handbook's notes on generating a new keypair:

1. At the top right of the Unqork Designer Platform, click the Settings drop-down.
2. Click Administration.
3. Under Integration, select Services Administration.
4. In the Service Title field, enter a title for your service. For example, GPG Decryption.
5. In the Service Name field, enter a name for your service. For example, GPG-decryption.

TIP  The Service Name is final once created. However, you can update the Service Title as necessary.

6. From the Type of Authentication drop-down, select Decryption (GPG)
7. In the GPG Private Key (Armored) field, enter the private key.

8. Click Add Service.

After enabling the GPG Decryption service, return to the Module Builder.

Enable the Server-Side Execute Only Setting

It's a best practice to enable the Server Side Execution Only toggle for modules when making API (application programming interface) calls.

TIP  This step is optional but it can help ensure your modules sensitive data or logic is secure.

1. In the Module Builder header, click the elispsis (...).
2. Click Settings. The setting menu displays.
3. Set the Server Side Execution Only toggle to ON.

4. Click Save.

Configure the Decryption Module

Now, set up the decryption module. Add components to decrypt encrypted files retrieved using SFTP.

NOTE  This configuration includes only the components involved in decrypting a file. For example, the Plug-In component references a File Storage component. But, there aren't steps in this how-to guide for adding a File Storage component. Instead, reference the File Storage component your application already uses to receive files via SFTP.

Here's how the final configuration looks in the Module Builder:

Configure the Plug-In Component

This Plug-In runs the GPG Decrypt a File API call. For your Outputs table, you can directly output the decrypted file to your Hidden component. Your Inputs table needs to reference 2 values:

  • The Property ID of the component containing the file you want to decrypt. You can use dot notation to specify the exact path. This value maps to the file parameter.

  • The Service Name of your Decryption (GPG) service. This value maps to the serviceName parameter.

Set up the Plug-In component:

1. Drag and drop a Plug-In component onto the canvas.
2. In the Property ID and Canvas Label Text fields, enter pluginDecrypt.
3. From the Internal Services drop-down, select GPG Decrypt a File.
4. Set the Make a Multipart API call toggle to ON.
5. Complete the Inputs table as follows:

Property ID





Yes (checked)




NOTE  Be sure to use the File Storage Property ID and Service Name appropriate to your use case. Here, we're mapping sample values to these parameters. For example, let's say your application receives files from a File Storage component with a Property ID of fsContract. Then, you'd enter fsContract.file in the first row of the Inputs table instead of fileStorage.file.

TIP  Always add single quotes around values in the Property ID column that aren't Property IDs in the module. For example, fileStorage.file references the File Storage component in your module, so it doesn't need single quotes. However, GPG-decryption is not a Property ID in the module. So, it needs single quotes.

6. Complete the Outputs table as follows:

Property ID






7. Click Save.

Configure the Hidden Component

Next, you'll set up a Hidden component that can store the decrypted file.

1. Drag and drop a Hidden component onto your canvas, placing it below your Plug-In component.
2. In the Property ID and Canvas Label Text fields, enter decryptedFile.
3. Click Save.

Now you can access the decrypted file in your decryptedFile Hidden component.