How to: Set Up GPG Decryption for Files

  • Updated on Jan 20, 2026
  • Published on Sep 25, 2025
  • 6 minute(s) read
Prev Next

Learn how to set up GPG Decryption in Unqork to decrypt GPG-encrypted files in an module.

Setting up GPG decryption in Unqork involves a three-step process:

  1. Configure a Decryption (GPG) Service: Create a GPG Decryption service in Services Administration.

  2. Enable Server-Side Execute: Set up a module to execute its data server-side.

  3. Execute via Plug-In: Use a Plug-in component to decrypt specific files using the parameters defined in your GPG Service.

The encrypted file being passed in must be less than 50 MB, and the resulting decrypted file must be less than 100 MB. Otherwise, the decryption fails.

Preconfiguration

Before configuring the module, set up the decryption service to connect with the party sending GPG-encrypted files.

Set Up the Decryption (GPG) Service

First, set up a Decryption (GPG) service in Services Administration.

You'll need to get the public key from the party that's receiving and decrypting the files. They'll have set up the public/private GPG keypair.

  1. At the top right of the Unqork Designer Platform, click Administration.

  2. Under Integration, select Services Administration.

  3. Click + Add a Service.

  4. In the Service Title* field, enter a title for your service. For example, GPG Decryption.

  5. In the Service Name* field, enter a name for your service. For example, gpg-decryption.

    The Service Name value is final once created. You can update the Service Title value anytime.

  6. In the Service protocol + host* field, enter a temporary value. You’ll delete these values in a later step.

  7. Click Next.

  8. In the Share To* field, specify which workspaces this service is available to.

  9. Click Create.
    The Service page displays.

  10. From the menu to the left, select Service-Type.

  11. From the Service Type drop-down, select Decryption.

  12. In the Service Protocol + Host field, delete the temporary value.

  13. Set the Authentication Method to Decryption (GPG).

  14. In the Private Key field, enter the decryption key.

    The public key must be provided by the service with which you’re integrating. A sample key is not available.

    GPG Decryption settings with highlighted service type and private key fields.

  15. Click Save Changes.

After enabling the GPG Encryption service, return to the Module Builder.

Select the tab that corresponds to your Unqork Designer experience:

Turn on Server-Side Execute Only

For security, modules calling a GPG service must execute server-side. While API Modules always execute server side, your requirements might use a Front-End or Other module type to contain the Plug-In Component that calls the GPG service.

From the Module Builder page:

  1. Click the ellipsisButtonDummy.jpg (ellipsis) button.

  2. Click Module Settings. The Settings modal displays.

  3. From the menu to the left, click Module Settings.

  4. Set Server Side Execution Only to A toggle switch icon indicating an on state for user interface settings. (ON).
    Settings menu showing options for module execution and user permissions configuration.

  5. Click Save & Close.

Configure the Decryption Module

Set up a module to retrieve encrypted files using SFTP, then decrypt them.

This configuration includes only the components involved in decrypting a file. For example, the Plug-In component references a File Storage component. But, there aren't steps in this how-to guide for adding a File Storage component. Instead, reference the File Storage component your application already uses to receive files via SFTP.

Configure the pluginDecrypt Plug-In Component

This Plug-In component runs the GPG Decrypt a File API call. In the Outputs table, you can directly output the decrypted file to a Hidden component. The Inputs table needs to reference two values:

  • The Property ID of the component containing the file you want to decrypt. You can use dot notation to specify the exact path. This value maps to the file parameter.

  • The Service Name of your Decryption (GPG) service. This value maps to the {{serviceName}} parameter.

Set up the Plug-In component:

  1. In the Module Builder, drag and drop a Plug-In component onto the canvas.

  2. In the Property ID and Canvas Label Text fields, enter pluginDecrypt.

  3. From the Internal Services drop-down, select GPG Decrypt a File.

  4. Set Make a Multipart API Call to  A toggle switch icon indicating an on state for user interface settings. (ON).

  5. In the Inputs table, enter the following:

    #

    Property ID

    Mapping

    1

    fileStorage.file

    file

    2

    'GPG-decryption'

    {{serviceName}}

    Ensure you use the File Storage component’s Property ID and Service Name appropriate to your use case. This how-to guide maps sample values to these parameters. For example, let's say your application receives files from a File Storage component with a Property ID of fsContract. Then, you'd enter fsContract.file in the first row of the Inputs table instead of fileStorage.file.

    Always add single quotes around values in the Property ID column that are not Property IDs in the module. For example, fileStorage.file references the File Storage component in your module, so it doesn't need single quotes. However, ‘GPG-decryption’ is not a Property ID in the module. So, it needs single quotes.

  6. In the Outputs table, enter the following:

    #

    Property ID

    Mapping

    Option

    1

    decryptedFile

    file

    replace

    API call configuration for file decryption with required inputs and outputs listed.

  7. Click Save.

Configure the decryptedFile Hidden Component

Lastly, set up a Hidden component to store the decrypted file.

  1. Drag and drop a Hidden component onto your canvas, placing it below your pluginDecrypt Plug-In component.

  2. In the Property ID and Canvas Label Text fields, enter decryptedFile.

  3. Click Save & Close.

  4. Save your module.

Now you can access the decrypted file in the decryptedFile Hidden component.

Here's how the final configuration looks in the Module Builder:

Interface showing components for GPG decryption with highlighted plugin and decrypted file.

Turn on Server-Side Execute Only

For security, modules calling a GPG service must execute server-side. While API Module always execute server side, your requirements might use a Front-End or Other module type to contain the Plug-In Component that calls the GPG service.

From the Module Builder page:

  1. On the Module Builder header, click the ellipsisButtonDummy.jpg (ellipsis) button.

  2. Click Settings. The Settings modal displays.

  3. Navigate to the Module Settings section.

  4. Set Server Side Execution Only to A toggle switch icon indicating an on state for user interface settings. (ON).
    Module settings for server-side execution with various options highlighted for user selection.

  5. Click Save.

Configure the Decryption Module

Set up a module to retrieve encrypted files using SFTP, then decrypt them.

This configuration includes only the components involved in decrypting a file. For example, the Plug-In component references a File Storage component. But, there aren't steps in this how-to guide for adding a File Storage component. Instead, reference the File Storage component your application already uses to receive files via SFTP.

Configure the pluginDecrypt Plug-In Component

This Plug-In component runs the GPG Decrypt a File API call. In the Outputs table, you can directly output the decrypted file to a Hidden component. The Inputs table needs to reference two values:

  • The Property ID of the component containing the file you want to decrypt. You can use dot notation to specify the exact path. This value maps to the file parameter.

  • The Service Name of your Decryption (GPG) service. This value maps to the {{serviceName}} parameter.

Set up the Plug-In component:

  1. In the Module Builder, drag and drop a Plug-In component onto the canvas.

  2. In the Property ID and Canvas Label Text fields, enter pluginDecrypt.

  3. From the Internal Services drop-down, select GPG Decrypt a File.

  4. Set Make a Multipart API Call to A toggle switch icon indicating an on state for user interface settings. (ON).

  5. In the Inputs table, enter the following:

    Property ID

    Mapping

    fileStorage.file

    file

    'GPG-decryption'

    {{serviceName}}

    Be sure to use the File Storage component’s Property ID and Service Name appropriate to your use case. This how-to guide maps sample values to these parameters. For example, let's say your application receives files from a File Storage component with a Property ID of fsContract. Then, you'd enter fsContract.file in the first row of the Inputs table instead of fileStorage.file.

    Always add single quotes around values in the Property ID column that are not Property IDs in the module. For example, fileStorage.file references the File Storage component in your module, so it doesn't need single quotes. However, ‘GPG-decryption’ is not a Property ID in the module. So, it needs single quotes.

  6. In the Outputs table, enter the following:

    Property ID

    Mapping

    Option

    decryptedFile

    file

    replace

  7. Click Save.

Configure the decryptedFile Hidden Component

Lastly, set up a Hidden component to store the decrypted file.

  1. Drag and drop a Hidden component onto your canvas, placing it below your pluginDecrypt Plug-In component.

  2. In the Property ID and Canvas Label Text fields, enter decryptedFile.

  3. Click Save & Close.

  4. Save your module.

Now you can access the decrypted file in the decryptedFile Hidden component.

Here's how the final configuration looks in the Module Builder:

Related articles