Friday, February 26, 2021

PGP Encryption and Decryption in OIC

While working on integrations, we often get requirements to encrypt or decrypt a file in OIC.

Commonly we do encryption and decryption in two ways in OIC integrations:

  1. Using FTP adapter
  2. Stage file operation

The two approaches set up their keys differently in OIC.

For the FTP adapter, we upload the keys when we create the connection.

In this article we will see how to encrypt and decrypt a file using the "Stage File" operation.

The steps below can be followed to achieve this:

  • Generate a key pair (public and private PGP keys).
  • The keys can be easily generated by pgptool, gpgsuite, any website online, etc.
  • If we open the keys in any text editor, they would look like below:
 
 
 
 

 
  • Once the keys are generated, we need to upload them to OIC.
  • If we need both encryption and decryption, we upload both keys to OIC. If we only need to encrypt the file, only the public key needs to be uploaded; the private key and passphrase are provided to the system where we are sending the encrypted file so that it can decrypt it.
  • Log in to the OIC console

 

  • Click on Settings

 

 

 

  • Then click on Certificates

  • Click on Upload
 
 
  • Provide the details, select the type as public key, and browse to the public key file which you created earlier.
  • Do the same for the private key if it is required to decrypt files.
 
 
 
  • Once these keys are loaded, we can see them in the certificate list as configured.
 
 
 
  • The keys are uploaded, so now we will create a simple integration which encrypts the file with the public key.
  • In the integration we take the example of running a BIP report, writing it to stage, zipping it, encrypting the zip file, and sending the encrypted message as the response to the calling application.
  • We can also encrypt the report file directly.
  • Let us create an app-driven integration and expose it as a REST endpoint.
  • In the sample integration we will send the encrypted data as a binary octet stream.
  • The URL/template parameter {ds} is optional. We use it to optionally query the BIP report; it can be removed if not required.

 

 

 

 

 

  • As we see below, the stage file operation has an option to encrypt or decrypt the file.
  • We can encrypt or decrypt directly from here using the keys we uploaded. In our example we do it separately, after zipping the output file.
 
 
 
  • Encrypt the zipped file in a separate step

 



  • Now map the encrypted file reference to the octet stream reference of the endpoint response

 
 
  • Save and close the integration
  • Activate the integration and test

 

 

  • Click on the Play button and then click on Test


 
  • The template/URL parameter is optional in our example; click on Test
  • The encrypted message will look like below

 

 

  • Now we will decrypt this message manually using the private key to get the actual file.
  • We will use the PGP tool software to decrypt the file.
  • Copy the response message into any text editor and save it to a file, e.g. with a .pgp extension
 
  • Now open the PGP tool. You can also use any Windows-based tool to decrypt
 
 

 
  • Import your private key

 
 
  • After importing the private key, click on Decrypt file and browse to the file to decrypt.
 
 
 
 
 
  • Enter the private key password.
 
 
 
  • Select the directory where you want to place the decrypted file.
 
 
 
 
  • Click on Decrypt. Since we chose to place the decrypted file in the same folder, it will be placed in the folder where our source file was.
 
  • The decrypted file will look like below
 
 
 
  • Since our source file was a zip file, we will rename it with a .zip extension

 

 

  • Now when we extract the zip file, we will get the actual BIP output CSV file inside it.
 
 
 
  • When we open the CSV file, we should be able to see the actual output.
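
A check that could be run on each key file before the upload step above, so that a private key is not selected where the public key was meant: it reads the ASCII armor, verifies the CRC-24 checksum when one is present, and identifies the first OpenPGP packet. This is an added example, not code from the original post or from OIC; the function names are hypothetical and the samples are constructed stubs, not usable keys.

```python
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB   # OpenPGP armor checksum (RFC 4880)
TAGS = {1: "encrypted session key", 5: "secret key", 6: "public key"}

def crc24(data: bytes) -> int:
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(kind: str, data: bytes) -> str:
    """Build an armored block; used here only to construct sample input."""
    b64 = base64.b64encode(data).decode()
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP {kind}-----\n\n{b64}\n={crc}\n-----END PGP {kind}-----\n"

def inspect_armor(text: str) -> dict:
    """Report armor type, first packet type and checksum state of a key file."""
    m = re.search(r"-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)-----END PGP \1-----", text, re.S)
    if not m:
        raise ValueError("no ASCII-armored PGP block found")
    lines = [ln.strip() for ln in m.group(2).splitlines()]
    if "" not in lines:
        raise ValueError("missing blank line after armor headers")
    body = lines[lines.index("") + 1:]          # skip "Version:"/"Comment:" headers
    data = base64.b64decode("".join(ln for ln in body if not ln.startswith("=")))
    sums = [ln[1:] for ln in body if ln.startswith("=")]
    crc_ok = None                                # the checksum line is optional
    if sums:
        crc_ok = int.from_bytes(base64.b64decode(sums[0]), "big") == crc24(data)
    if not data or not data[0] & 0x80:
        raise ValueError("payload does not start with an OpenPGP packet")
    # New-format headers keep the tag in bits 0-5, old-format in bits 2-5.
    tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F
    return {"armor": m.group(1), "packet": TAGS.get(tag, f"tag {tag}"), "crc_ok": crc_ok}

def ok_as_public_key(text: str) -> bool:
    """True only when both the armor label and the first packet say public key."""
    info = inspect_armor(text)
    return (info["armor"], info["packet"]) == ("PUBLIC KEY BLOCK", "public key") \
        and info["crc_ok"] is not False

# Constructed samples: a 3-byte stub packet each, not usable keys.
PUBLIC_SAMPLE = armor("PUBLIC KEY BLOCK", bytes([0xC6, 0x01, 0x04]))
PRIVATE_SAMPLE = armor("PRIVATE KEY BLOCK", bytes([0xC5, 0x01, 0x04]))
```

Passing the text of an exported key file to `ok_as_public_key` returns `False` for a private key block, for a block whose label and first packet disagree, and for a block whose checksum does not match its contents.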