Convert it to a Native profile by selecting the “Native PGP” option and clicking Next
Edit the secret maps to select the keys from Database
Select the Secret Key. All keys that have been migrated from GPG and checked in as Secret key will get listed.
Click on Save
Click Next and Finish on the Confirm Page
This process allows migration to the native implementation.
- SFG (Sterling File Gateway) trading partners that have an 8 bit public key ID should have it replaced with a 16 bit key ID. All other scripts and config data can be kept as is.
- Custom BPs in B2Bi that are used for cryptographic operations and have an 8 bit key ID need to have it replaced with a 16 bit key ID. Any CLA2 entries in the BP will be ignored for Native PGP transactions.
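An added example (not IBM tooling and not code from this post) for preparing the key ID replacement described above. It assumes the IDs are the usual OpenPGP short and long forms written as 8 and 16 hex characters, where the short ID is the last 8 characters of the long one; the config lines, key names and key IDs are constructed. Short IDs can collide, so a short ID that matches more than one long ID is reported instead of rewritten.

```python
import re

# Assumption: key IDs appear as bare hex or 0x-prefixed hex in exported text.
# Any other 8-hex token is also matched, but lands in "unknown", never rewritten.
HEX_ID = re.compile(r"\b(0[xX])?([0-9A-Fa-f]{16}|[0-9A-Fa-f]{8})\b")

def build_index(long_ids):
    """Map each short ID (last 8 hex chars) to the long ID(s) that end with it."""
    index = {}
    for lid in long_ids:
        lid = lid.upper()
        if lid.startswith("0X"):
            lid = lid[2:]
        if not re.fullmatch(r"[0-9A-F]{16}", lid):
            raise ValueError(f"not a 16-hex-character key ID: {lid!r}")
        index.setdefault(lid[-8:], set()).add(lid)
    return index

def migrate(text, long_ids):
    """Return (new_text, report). Ambiguous and unknown short IDs are left
    untouched and reported so they can be resolved by hand."""
    index = build_index(long_ids)
    report = {"replaced": [], "ambiguous": [], "unknown": []}

    def swap(match):
        prefix, kid = match.group(1) or "", match.group(2).upper()
        if len(kid) == 16:            # already a long ID
            return match.group(0)
        candidates = index.get(kid, set())
        if len(candidates) == 1:      # exactly one key ends with this short ID
            (lid,) = candidates
            report["replaced"].append((kid, lid))
            return prefix + lid
        report["ambiguous" if candidates else "unknown"].append(kid)
        return match.group(0)

    return HEX_ID.sub(swap, text), report

# Constructed sample data: long IDs as exported from the old keyring, and
# config-style lines with hypothetical key names.
LONG_IDS = ["A1B2C3D4E5F60718", "0011223399AABBCC", "FFEEDDCC99AABBCC"]
SAMPLE = """partner_one.pubkey = E5F60718
partner_two.pubkey = 0x99AABBCC
partner_six.pubkey = DEADBEEF
partner_ten.pubkey = A1B2C3D4E5F60718"""

if __name__ == "__main__":
    new_text, report = migrate(SAMPLE, LONG_IDS)
    print(new_text)
    print(report)
```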
REST APIs for Key Management
Customers can use the Swagger APIs for PGP Key Management. These APIs are developed on Spring Boot, with Swagger UI (User Interface). Here are the services to create, read, and delete PGP Keys from B2Bi:
Default URL - http://<IP or Hostname>:<Liberty_port>/sfgapis/swagger-ui.html
Secret Key APIs
- Create, Check-in, Get, Update, Delete
- Get APIs:
  - Get All
  - Get with KEYID
  - Get with ObjectID
(Secret Key GET API with KEYID and ObjectID gets the actual Secret Key data)
Public Key APIs
- Check-in, Get, Delete
- GET APIs:
  - Get All
  - Get with KEYID
  - Get with ObjectID
(Public Key GET API with KEYID and ObjectID gets the actual Public Key data)
Pre migration, Post migration validation, impact to workload during migration
Pre migration, if the files have been processed using GPG, the encrypted or signed files look like the following:
Post migration, the Natively processed files will look like the following:
Security
Performance of GnuPG versus Native PGP in B2Bi
The graph above depicts the performance of GnuPG versus Native PGP.
Native PGP shows a reduction in CPU usage and an increase in the throughput for file processing.
Note: The above results are from internal performance tests in a lab environment; results may vary with the hardware/network configuration and with the cryptographic flow tested.
Conclusion
There are many advantages of using Native PGP in B2Bi, as mentioned in this blog, such as:
- Maintaining the PGP Keys within B2Bi Database
- Leveraging Key management using B2Bi UI & REST APIs
- Doing away with the dependency on 3rd party PGP vendors and CLA2 adapters – in turn better performance for cryptographic operations
- Lower maintenance overhead as there is no dependency on external PGP software deployed in additional VM/hardware