PGP Encryption and Decryption of file using MFT

Introduction

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. When files are encrypted, they are stored on a user’s drive in a format that cannot be read outside of ActiveTransfer. Encrypted files are decrypted only if they are transferred back through ActiveTransfer using the same key that was used to encrypt them.

Generating PGP Public and Private key pairs

Run the webMethods Integration Server service wm.mft.security.pgp:generatePGPKeyFiles in the WmMFT package.
For privateKeyPath, provide the file system location where the PGP public/private key pair should be placed, and provide the private key password in the password field.

Note: The default expiry of the keys is 365 days if we do not provide validityDays.

After clicking OK the PGP public and private keys are generated in the file path specified as below:
/apps/data/POC/Keys/

private.pub : public key (Encryption key)
private.key : private key (Decryption key)

Encryption of File content using PGP Public Key:

Step 1: Creating an MFT event on MWS for encryption of file content using PGP Public key:

Here we are going to create a scheduled event that can be invoked manually using an IS service:

a) Create a new Schedule event with Criteria set to Manual so that the event can be invoked from within an IS service (we can also use a scheduled event instead of a manual event).

b) Add a Find action from where the event will pick the file when the event gets triggered:
Here [sourcePath] is the source directory path of the file in the file system that needs to be encrypted.

c) Add an action File Encrypt as below:

Provide the PGP public key path as [encryptionKeyPath]; this is the key placed in the file system (private.pub). The PGP public key will be used to encrypt the file content. After encryption the file is saved with a .pgp extension.

Note: We may check mark Delete original file; this will delete the original non-encrypted file from the file path.

d) Add a File Move action to move the encrypted file to the destination folder.
Specify [destinationPath] in the Destination URL; the encrypted file will be moved here with a .pgp extension.

Step 2: Invoke the MFT event from webMethods Integration Server service:

To test the file encryption, run the service wm.mft.schedule:executeEvent in the WmMFT package and specify the input parameters below:
scheduleName: Name of the MFT event
eventParams: The event parameters below are supplied dynamically to the event as key/value pairs:
sourcePath: file system path of the file which needs to be encrypted
destinationPath: file system path where file will be moved after encryption
encryptionKeyPath: file system path of the PGP public key

On running the service, the file “myfile.txt” will be encrypted in the archive folder with a .pgp extension.
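To confirm that what lands in [destinationPath] is really encrypted and not just renamed, the first OpenPGP packet of each file can be inspected. The following Python check is an added example, not part of the original post or of ActiveTransfer; it assumes the File Encrypt action writes standard OpenPGP (RFC 4880) output, and the sample file contents are constructed.

```python
import base64
import os

ARMOR = b"-----BEGIN PGP MESSAGE-----"
KIND = {1: "encrypted to a public key",            # public-key session key packet first
        3: "encrypted, but not to a public key",   # passphrase session key packet first
        8: "OpenPGP but NOT encrypted",            # compressed data, readable by anyone
        11: "OpenPGP but NOT encrypted"}           # literal data, readable by anyone

def first_packet_tag(head):
    """RFC 4880 s4.2: bit 7 marks a header; bit 6 set = new format (tag in bits 5-0), else bits 5-2."""
    if not head or not head[0] & 0x80:
        return None
    return head[0] & 0x3F if head[0] & 0x40 else (head[0] >> 2) & 0x0F

def dearmor(head):
    """Decode the first base64 line of an ASCII-armored message (RFC 4880 s6.2)."""
    lines = [ln.strip() for ln in head.decode("ascii", "replace").splitlines()]
    if "" not in lines[:-1]:        # data follows the blank line ending the armor headers
        return b""
    first = lines[lines.index("") + 1]
    try:
        return base64.b64decode(first[: len(first) // 4 * 4])
    except ValueError:
        return b""

def classify(head):
    if head.lstrip().startswith(ARMOR):
        head = dearmor(head.lstrip())
    return KIND.get(first_packet_tag(head), "not a recognised OpenPGP message")

def audit(destination_path):        # the event's [destinationPath] folder
    findings = {}
    for entry in os.scandir(destination_path):
        if entry.is_file():
            with open(entry.path, "rb") as fh:
                findings[entry.name] = classify(fh.read(512))
    return findings

# Constructed samples (not real MFT output): packet headers padded with zero bytes.
SAMPLES = {
    "myfile.txt.pgp": bytes([0x85, 0x01, 0x0C]) + bytes(32),  # old-format tag 1
    "report.csv.pgp": b"id,amount\n1,100\n",                  # plaintext renamed to .pgp
    "notes.txt.pgp": bytes([0xCB, 0x10]) + bytes(16),         # new-format tag 11
    "armored.pgp": ARMOR + b"\n\n" + base64.b64encode(bytes([0xC1]) + bytes(32)),
}

if __name__ == "__main__":
    print({name: classify(data) for name, data in SAMPLES.items()})
```

A matching header does not prove that the file decrypts with private.key; the check only catches plaintext or unencrypted OpenPGP data carrying the .pgp name.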

Decryption of File content using PGP Private Key

Step 1: Create MFT event in MWS for File decryption using PGP

The encrypted file can be decrypted using a PGP private key, and the decrypted file can then be moved to a target destination folder, where it can be processed further as per our business requirements.
Use the steps below to create an MFT scheduled event for file decryption:

a) Create a scheduled event with Execute action as Manual. Add a Find action and specify sourcePath, where sourcePath is the file system path of the encrypted file.

b) Add the File Decrypt action and specify decryptionKeyPath and the password of the PGP private key, where decryptionKeyPath is the path of the PGP private key located in the file system.
Select the DeleteOriginal file check mark so that the original encrypted file is deleted.

c) Add a File Move action and specify the destination path where we want to move the unencrypted file. After decryption, the .pgp extension of the encrypted file is removed from the unencrypted file name.

Step 2: Invoke the MFT event from the Integration Server service:

To test the file decryption, run the service wm.mft.schedule:executeEvent in the WmMFT package and specify the input parameters below:

scheduleName: Name of the MFT event

eventParams: Below event parameters are supplied dynamically as key/value pair to the event:

sourcePath: file system path of encrypted file

destinationPath: file system path where the file needs to be moved after decryption

decryptionKeyPath: file system path of the PGP private key

Encrypted file with .pgp extension:

Click OK. The file will be decrypted as below:



Very helpful for beginners and very well explained