webMethods.io Integration PGP encryption & decryption

Introduction

This article explains setting up the PGP connector and encrypting and decrypting the data using the PGP keys.

Pre-requisite

It is assumed that readers of this article know how to create integrations on webMethods.io integration.

What is PGP?

• Pretty Good Privacy (PGP) is a security program used to decrypt and encrypt messages and authenticate it through digital signatures.

For more details, please refer Pretty Good Privacy - Wikipedia

How PGP works?

• PGP works through a combination of cryptography, data compression, and hashing techniques.
• It is similar to other popular encryption methods such as Kerbos, which authenticates network users, secure sockets layer (SSL), which secures websites, and the Secure File Transfer Protocol (SFTP), which protects data in motion.

Encryption and Decryption

• PGP uses the public key system in which every user has a unique encryption key known publicly and a private key that only they know.
• A message is encrypted when a user sends it to someone using their public key, then decrypted when the recipient opens it with their private key.
• It combines private-key and public-key cryptography and the use of symmetric and asymmetric key technology to encrypt data as it travels across networks.

Usecase:

• In our use case we will encrypt the data in webmethods.io flow service using PGP keys and will store the encrypted data in some cloud location. In our case, we are going to use the Azure Blob storage as our storage.

• Encryption will be done using the public key

• Once the encrypted data is stored in Azure storage location. We will pull the data from Azure storage and will decrypt it using the PGP private key.

Connector Used

• PGP connector used for encryption and decryption of data.

• Azure storage connector used for storing and retrieving the data.

Create a PGP connector account in webMethods.io Integration.

• In our case we have created the PGP keys and certificates using
https://pgptool.org/
• From the above tool we have generated the public key, private key and passphrase.
• When we were configuring the PGP account we supplied same details.

Flow Service to Encrypt the message.

• In this flow service we have encrypted the data and uploaded it to third-party storage location. In this case, we have Azure data as a storage location.

• You can use any storage location for uploading the data.

• A private key is not required to encrypt the message. Encryption is done using the public key.

Flow Service to Decrypt the message *

• In this flow service we are pulling the encrypted data from Azure storage location.

• Decrypting the message using the private key corresponding to the public key with which we have encrypted the message.

• Private key is mandatory to decrypt the message.

Note:

  • Attached are the flow services used for the encryption and decryption of the messages.
    image
    image
3 Likes