Managed File Transfer

 View Only
  • 1.  SFG - How can SFG be configured to base PGP Encryption on Consuming Partner configuration?

    Posted Tue May 05, 2020 09:36 AM
    We have thousands of consuming partners configured.
    • Some with no PGP encryption required.
    • Some with PGP Encryption required.
    • Some with PGP Encryption and signing required.
    And often these requirements change.

    The routing channel configuration becomes cumbersome when for each type of flow
    • 3 separate routing channel templates are needed for each type of flow
    • Each customer must be assigned to the proper routing channel template (or put in a specific partner group which  uses the specific RCT)
    We also would prefer to use more dynamic routing templates, but again would prefer not them not to be tied to PGP Encryption (unencrypted, encrypted or encrypted and signed)

    Is there a way to have SFG handle PGP Encryption based on the consumer PGP Config instead of being based on the RCT?

    Having 3 dynamic RCTs would even be OK, if the result would be 1 and only only 1 document would be sent to the consumer in the PGP format defined in the Consuming Partner.

    The fact that the ConsumerPgpExtension value may be:
    • .pgp - consumer prefers a PGP file
    • .asc - consumer prefers an ASCII encoded pgp file
    • (blank) - consumer does not prefer a PGP file
    Seems to hint that PGP encryption can somehow be based on the Consuming Partner PGP Configuration

     Any recommendations would be appreciated.

    ------------------------------
    Vincent Miller
    ------------------------------

    #filetransfer
    #DataExchange


  • 2.  RE: SFG - How can SFG be configured to base PGP Encryption on Consuming Partner configuration?

    Posted Tue May 05, 2020 11:15 AM
    Did you consider using a custom protocol to control plain, encryption and encryption with signing, and the file name extensions?

    ------------------------------
    Rajasekhar Muthamsetty
    ------------------------------



  • 3.  RE: SFG - How can SFG be configured to base PGP Encryption on Consuming Partner configuration?

    Posted Tue May 05, 2020 03:40 PM

    Rajasekhar Muthamsetty,

    Thank you for responding.

    Yes, we are aware we can address this with custom protocols.

    However, this means we would have to build custom protocols for all the protocols we use whose partners use PGP Encryption.

    We would also not be able to use the pgp package and unpackaged layers in the routing channel templates.

    This just seems like something that should be able to be done within the existing framework.

    And certain document references seem to imply it can be done.



    ------------------------------
    Vincent Miller
    ------------------------------



  • 4.  RE: SFG - How can SFG be configured to base PGP Encryption on Consuming Partner configuration?

    Posted Fri May 08, 2020 11:30 AM
    If you have not already considered or tried, try this once.

    • Create RCT with no Encryption.
    • Edit FileGatewaySendMessage BP to query the TP profile (or custom reference table) to check if PGP and/or Signing required, and proceed.


    IBM advises to not edit these FG predefined BP's, But I believe this change can be done with precaution by keeping it's required inputs as is.

    ------------------------------
    Rajasekhar Muthamsetty
    ------------------------------



  • 5.  RE: SFG - How can SFG be configured to base PGP Encryption on Consuming Partner configuration?

    Posted Mon May 18, 2020 09:13 AM

    Thank you for the suggestion.

    This is a possibility, would prefer not to change out-of-the-box BPs.

    I tried to find a way to use a custom PGP Package BP, but that does not seem to be configurable. 
    Seems the issue is really more with the Routing Service. setting the routing activity to failure since consumer is not set up.

    May try to set up 2 (or 3?) dynamic routing channel templates - pgp encrypt and sign, pgp encrypt, no encrypt - and use for most partners
      If the consuminlg partner is set up to encrypt and sign, then the first routing channel would work, and "hopefully" the "other' routing channels would not be attempted
      If the consuming partner is NOT set up to encrypt and sign, then the first routing channel would fail, and then the encrypt only routing channel would be attempted, if the consuming partner was set up for encryption only, then the routing would succeed, and "hopefully" the no encrypt routing channel would not be attempted
      If the partner is set up not to encrypt, then the 3rd routing channel would be used and should be successful.


    This too seems "convoluted" even if it did work ... but may be worth it.  At least it would separate the consumer pgp preference from being "in sync" with the routing channel.

    just rambling . . . 



    ------------------------------
    Vincent Miller
    ------------------------------



  • 6.  RE: SFG - How can SFG be configured to base PGP Encryption on Consuming Partner configuration?

    Posted Mon May 18, 2020 12:54 PM
    Sure. It's my understanding that Routing Channels will be selected based on Producer (MB Path) and Filename pattern, in this case, this info will be the same on all Dynamic RCT.

    It would be great if you let us know how it works once you implement it.

    ------------------------------
    Rajasekhar Muthamsetty
    ------------------------------



  • 7.  RE: SFG - How can SFG be configured to base PGP Encryption on Consuming Partner configuration?

    Posted Tue May 19, 2020 01:17 PM

    If you set the "PGP Encryption" Layer in your template to optional (EncryptionRequired=no and SignatureRequired=no), then SFG will skip PGP in cases where the Consumer isn't configured with PGP.

     

    This communication is intended to be received only by the individual[s] or entity[s] to whom or to which it is addressed, and contains information which is confidential, privileged and subject to copyright. Any unauthorized use, copying, review or disclosure is prohibited. Please notify the sender immediately if you have received this communication in error [by calling collect, if necessary] so that we can arrange for its return at our expense. Thank you in advance for your anticipated assistance and cooperation.

    Cette communication est destinée uniquement à la personne ou à la personne morale à qui elle est adressée. Elle contient de l’information confidentielle, protégée par le secret professionnel et sujette à des droits d'auteurs. Toute utilisation, reproduction, consultation ou divulgation non autorisées sont interdites. Nous vous prions d’aviser immédiatement l’expéditeur si vous avez reçu cette communication par erreur (en appelant à frais virés, si nécessaire), afin que nous puissions prendre des dispositions pour en assurer le renvoi à nos frais. Nous vous remercions à l’avance de votre coopération.





  • 8.  RE: SFG - How can SFG be configured to base PGP Encryption on Consuming Partner configuration?

    Posted Wed May 20, 2020 02:49 AM
    RCT PGP


    ------------------------------
    Wai Man Wong
    ------------------------------



  • 9.  RE: SFG - How can SFG be configured to base PGP Encryption on Consuming Partner configuration?

    Posted Tue May 26, 2020 07:07 PM
    #Carrie Easterling
    Thank you a thousand times!
    I knew it had to be "simple"!
    Working as desired.
    Reduced # of RCTs 4 times.  And enable Consumer Broadcast Group  routes to include encrypted and unencrypted partners.​
    Another spot where B2Bi defaults are sub-optimal, always worried about backward compatibility, but making initial implementations require too many config changes necessary to use B2Bi in a low maintenance, robust and high performance manor.

    ------------------------------
    Vincent Miller
    ------------------------------