How to: Set Up GPG Decryption for Files
GPG (GNU Privacy Guard) encryption adds a layer of security to the SFTP (secure file transfer protocol) process. In this
What You'll Learn
In this how-to guide, you’ll learn how to set up the GPG Decryption service and build a module to decrypt files GPG Encrypted files.
What You Need
To set up the GPG Decryption service, you need:
- 1 Plug-In component
- 1 Hidden component
NOTE These instructions assume you have an open module saved with a title.
Before configuring the module, set up the decryption service to connect with the party sending GPG encrypted files.
Set Up the Decryption (GPG) Service
First, you need to set up a Decryption (GPG) service in Services Administration.
NOTE A public/private GPG keypair is required to set up the service in Services Administration. Then, you can provide the public key to the party that sends encrypted files to your Unqork application. View the Gnu Privacy Handbook's notes on generating a new keypair: https://www.gnupg.org/gph/en/manual/c14.html#AEN25.
|1.||At the top right of the Unqork Designer Platform, click the Settings drop-down.|
|3.||Under Integration, select Services Administration.|
|4.||In the Service Title field, enter a title for your service. For example, GPG Decryption.|
|5.||In the Service Name field, enter a name for your service. For example, GPG-decryption.|
TIP The Service Name is final once created. However, you can update the Service Title as necessary.
|6.||From the Type of Authentication drop-down, select Decryption (GPG).|
|7.||In the GPG Private Key (Armored) field, enter the private key.|
|8.||Click Add Service.|
After enabling the GPG Decryption service, return to the Module Builder.
Enable the Server-Side Execute Only Setting
It's a best practice to enable the Server Side Execution Only toggle for modules when making API (application programming interface) calls.
TIP This step is optional but it can help ensure your modules sensitive data or logic is secure.
|1.||In the Module Builder header, click the elispsis (...).|
|2.||Click Settings. The setting menu displays.|
|3.||Set the Server Side Execution Only toggle to ON.|
Configure the Decryption Module
Now, set up the decryption module. Add components to decrypt encrypted files retrieved using SFTP.
NOTE This configuration includes only the components involved in decrypting a file. For example, the Plug-In component references a File Storage component. But, there aren't steps in this how-to guide for adding a File Storage component. Instead, reference the File Storage component your application already uses to receive files via SFTP.
Here's how the final configuration looks in the Module Builder:
Configure the Plug-In Component
This Plug-In runs the GPG Decrypt a File API call. For your Outputs table, you can directly output the decrypted file to your Hidden component. Your Inputs table needs to reference 2 values:
The Property ID of the component containing the file you want to decrypt. You can use dot notation to specify the exact path. This value maps to the file parameter.
The Service Name of your Decryption (GPG) service. This value maps to the serviceName parameter.
Set up the Plug-In component:
|1.||Drag and drop a Plug-In component onto the canvas.|
|2.||In the Property ID and Canvas Label Text fields, enter pluginDecrypt.|
|3.||From the Internal Services drop-down, select GPG Decrypt a File.|
|4.||Set the Make a Multipart API call toggle to ON.|
|5.||Complete the Inputs table as follows:|
NOTE Be sure to use the File Storage Property ID and Service Name appropriate to your use case. Here, we're mapping sample values to these parameters. For example, let's say your application receives files from a File Storage component with a Property ID of fsContract. Then, you'd enter fsContract.file in the first row of the Inputs table instead of fileStorage.file.
TIP Always add single quotes around values in the Property ID column that aren't Property IDs in the module. For example, fileStorage.file references the File Storage component in your module, so it doesn't need single quotes. However, GPG-decryption is not a Property ID in the module. So, it needs single quotes.
|6.||Complete the Outputs table as follows:|
Configure the Hidden Component
Next, you'll set up a Hidden component that can store the decrypted file.
|1.||Drag and drop a Hidden component onto your canvas, placing it below your Plug-In component.|
|2.||In the Property ID and Canvas Label Text fields, enter decryptedFile.|
Now you can access the decrypted file in your decryptedFile Hidden component.