IBM webMethods Hybrid Integration

IBM webMethods Hybrid Integration

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

OpenPGP Decryption Inquiry

  • 1.  OpenPGP Decryption Inquiry

    Posted Tue August 10, 2010 05:33 AM

    Hello All,

    My customer encrypted their file using their private key and then gave me their public key for me to decrypt it. I wanted to use the OpenPGP package and so far I am trying out this flow containg these:

    –>wm.openpgp:getProperty (command decyptfile)
    –>wm.openpgp:getProperty (pgp home)
    –>pub.string:messageFormat
    –>pub.file:getFile
    –>wm.openpgp:execPGPb

    When I try to run the flow, here are the results:

    status: 0
    error:

    gpg: WARNING: unsafe permissions on homedir `/opt/SoftwareAG/webMethods712/gnupg’
    gpg: WARNING: using insecure memory!
    gpg: please see [url]http://www.gnupg.org/faq.html[/url] for more information
    gpg: encrypted with 2048-bit ELG-E key, ID 0F681253, created 2009-09-21
    B2B-Test@testemail.com (Dev/Test/QA) B2BHelpdesk@testemail.com

    output:

    A string containing some random number and texts

    I would like to ask where should I place the public keys given to me by my customer so that I can properly decrypt the file?

    I am very new to this, so I am not that sure if I’m on the right path in solving this requirement.

    Thanks,
    Dee


    #webMethods
    #webMethods-General
    #webMethods-Architecture
    #Integration-Server-and-ESB


  • 2.  RE: OpenPGP Decryption Inquiry

    Posted Mon August 08, 2011 06:03 PM

    I know this is a year-old thread, but I thought I’d provide a belated answer to the query in case someone else needs the info.

    The root issue here is that the attempted approach is backwards. Encrypted files cannot be decrypted using a public key.

    To exchange encrypted files with someone, here are the steps.

    1. Each party should generate their own private/public key pair. The private key should be closely guarded and protected and never shared with anyone.

    2. The parties provide their public key to each other.

    3. When party A is to send a file to party B, party A uses the B public key to encrypt the file. Then party B can decrypt it using their private key.

    4. For B to A, use the A public key to encrypt.

    A common technique to help with file management and troubleshooting is for the sending party to “encrypt to self” as well as for the receiving party. For example, when A sends to B, A uses the B public key as well as its own public key to encrypt. That way A and B can decrypt the file. How this is done depends upon the tool being used (gnupg uses a configuration file).

    Hope this helps.


    #webMethods-General
    #webMethods-Architecture
    #webMethods
    #Integration-Server-and-ESB


Related Content