PGP Module Overview
Last Updated: 01/14/2019
Introduced in Version: 3.0
This tutorial demonstrates how to use the PGP (Pretty Good Privacy) Module steps in Decisions. PGP is an encryption program that provides cryptographic privacy and authentication for data communication. It is often used for signing, encrypting and decrypting texts, emails, files, directories, and whole disk partitions, and it can also be used to increase the security of email communications.
PGP can be used to send messages confidentially. The PGP Module steps combine symmetric key encryption and public key encryption. The message is encrypted using a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key, or session key, is used only once. The message and its session key are both sent to the receiver, who needs the session key to decrypt the message. The session key is protected during transmission by encrypting it with the receiver's public key, so only the receiver's private key can recover the session key and decrypt the message.
- Note: This Module must be installed before it is available within Decisions. Links are attached at the bottom of the page.
- Note: The PGP Module in Decisions cannot be used to generate PGP public and private keys. It may be used for building workflows to encrypt or decrypt messages or files. Therefore, the public and private keys for the PGP steps in Decisions should be generated with third-party systems.
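
The hybrid scheme and the externally generated keys described above can be reproduced with GnuPG, one possible third-party tool. This is an added example, not part of the Decisions documentation; the user ID, file names and the passphrase "test" are constructed, and it assumes GnuPG 2.1 or later.

```shell
#!/usr/bin/env bash
# Added example, not from the Decisions documentation. The user ID, file names
# and the passphrase "test" are constructed for illustration.

# Run gpg non-interactively against the isolated keyring in $GNUPGHOME.
g() { gpg --batch --yes --quiet --pinentry-mode loopback --passphrase test "$@"; }

make_fixtures() {   # $1 = output directory
  FIXTURES="$1"
  export GNUPGHOME="$FIXTURES/gnupg"
  mkdir -p "$GNUPGHOME" && chmod 700 "$GNUPGHOME" || return 1
  # RSA signing key plus RSA encryption subkey, generated outside Decisions.
  g --quick-generate-key 'Flow Test <flow-test@example.invalid>' rsa3072 sign never
  FPR=$(g --list-keys --with-colons | awk -F: '$1 == "fpr" { print $10; exit }')
  g --quick-add-key "$FPR" rsa3072 encr never
  # Armored exports of the key pair, protected by the passphrase above.
  g --armor --export "$FPR" > "$FIXTURES/public.asc"
  g --armor --export-secret-keys "$FPR" > "$FIXTURES/private.asc"
  # Known-good artifacts for exercising decryption and verification.
  printf 'constructed test contents\n' > "$FIXTURES/test_file.txt"
  g --armor --recipient "$FPR" --output "$FIXTURES/encrypted.asc" \
    --encrypt "$FIXTURES/test_file.txt"
  # SHA256 digest: GnuPG treats MD5 signatures as weak and rejects them.
  g --local-user "$FPR" --digest-algo SHA256 \
    --output "$FIXTURES/clear_signed.txt" --clearsign "$FIXTURES/test_file.txt"
}

# Hybrid structure: number of session-key packets encrypted to a public key.
session_key_packets() {
  g --list-packets "$FIXTURES/encrypted.asc" 2>/dev/null | grep -c '^:pubkey enc packet:'
}

# Decrypting with the private key returns the original plain text.
decrypt_fixture() { g --decrypt "$FIXTURES/encrypted.asc" 2>/dev/null; }

# The clear-signed file verifies against the public key in the keyring.
verify_fixture() { g --verify "$FIXTURES/clear_signed.txt" 2>/dev/null; }

# Usage: ./pgp_fixtures.sh ./fixtures
if [ -n "${1:-}" ]; then
  make_fixtures "$1" && decrypt_fixture && verify_fixture && session_key_packets
fi
```

The `:pubkey enc packet:` entry counted by `session_key_packets` is the session key encrypted to the receiver's public key; the symmetrically encrypted message follows it in the same file.
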
The PGP Module steps can digitally sign a file and verify that a message is authentic. A user signs the file with a private key, and the file is then verified against the signature. The PGP Module includes eight different steps that enable the designer to encrypt, decrypt and sign files. This document describes each step and how to configure it (Figure 1).
PGP Module Steps
Public Key: Locks the message and converts the key into an encrypted file.
Private Key: Unlocks the encrypted file key and converts the message back into plain text.
- Clear Sign File – Digitally signs a file using a private key, but keeps the file contents in plain text.
- Decrypt File – Uses a private key to convert an encrypted file into plain text.
- Decrypt String – Uses a private key to convert an encrypted string into plain text.
- Encrypt File – Uses a public key to convert a plain text file into an encrypted file.
- Encrypt String – Uses a public key to encrypt a plain text string.
- Sign and Encrypt File – Uses a private key to digitally sign a file and a public key to encrypt it.
- Sign File – Uses a private key to digitally sign a file. The file is not in plain text so a decrypt file step is needed to read it.
- Verify File – Uses a public key to verify that the digital signature on a file is authentic.
In the figures that follow, the PGP Module steps are described in more detail and an example of each step's settings is explained.
1. Clear Sign File
On the Clear Sign File Step, the algorithm input creates a signature. The Inputs provide options to input data and upload a private key (Figure 2). In Figure 2 the image displays how this step is used in a flow.
- On the Clear Sign File step, in the Inputs section, next to algorithm choose Constant and select MD5. Next to data choose Select From Flow and pick test file Contents (Figure 2).
- Part 2: On the Clear Sign File step, next to Output File Name choose Constant and enter the output file name (clear signed.txt). Next to private Key Password choose Constant and enter the key in the text box (Figure 20).
2. Decrypt File
The Decrypt File Step takes in the encrypted file output and uses the private key password to unlock the private key. The step then uses the private key to decrypt the encrypted file. The private key has already been uploaded as a constant on this step. Once the private key password has unlocked the private key, the step outputs the decrypted file.
- On the Decrypt File Step in the Inputs section next to file choose Select From Flow and pick the Encrypt Files Output (Figure 4).
3. Decrypt String
The Decrypt String Step takes in the data from the Encrypted String output and uses the private Key Password to unlock the private key string. After the private key is unlocked the message is decrypted into a string using plain text.
- On the Decrypt String step, in the Inputs section, next to data choose Select From Flow and pick the output from the Encrypt String Step. Next to the Private Key Password select Constant and enter the private key. This example uses the word “test”. Next to Private Key String choose Merge Plain Text and select Show Editor to view the string (Figure 5).
The image below (Figure 6) shows a Merge Text Editor with the unlocked Private Key String.
- Decrypt String (Private Key String) – After Show Editor is selected, the Merge Text Editor will show and display the private key (test) as a string (Figure 6).
4. Encrypt File
The Encrypt File Step takes in data contents and encrypts the message. Use the public Key option to assign the encrypted message a public key. On the Encrypt File step, next to public Key, set it as a Constant to upload a file.
- On the Encrypt File step in the Inputs section, next to binary select Constant. Next to data choose Select From Flow (test file.Contents) (Figure 7).
5. Encrypt String
The Encrypt String Step takes in data and encrypts it into a string with a public Key String. The step allows you to view the public Key String in plain text.
On the Encrypt String step set the data to Constant and give the input data a name (Test). Next to Public Key String set the type to Merge Plain Text and then select Show Editor. The Show Editor text box will have an encrypted string for the data name (Test). The output will be defaulted to Rename and already have an output name in the text box (Figure 8).
- Encrypt String (Public Key String)
After the Show Editor is selected the Public Key string will show in the Merge Text Editor (Figure 9).
6. Sign and Encrypt File
On the Sign and Encrypt File Step, in the Inputs section, next to algorithms choose Constant and select the algorithm type from the drop-down. Next to binary choose Constant and leave the checkbox empty. Next to data choose Select From Flow and pick the test file contents. Next to internal File Label choose Constant and enter (test label). Finally, next to Output File Name choose Constant and enter signed and encrypted.txt (Figure 11).
- Part 2
Continuing on the Sign and Encrypt File Step, next to Private Key choose Constant and upload your key. Next to Private Key Password choose Constant and enter the private key password (test). Next to public Key select Constant. Next to with Integrity Check choose Constant and check the checkbox. In the Output section next to outputs choose Rename and make sure the Encrypt File_Output string is present, or add it (Figure 12).
7. Sign File Step
The Sign File Step uses a private key to digitally sign a file. This step outputs a signed text file, and a Decrypt File Step is then needed to decrypt and read the file.
On the Create Sign File Step in the Inputs section next to algorithm choose Constant. Next to binary choose Constant. Next to data choose Select From Flow, and enter the test file.Contents. Next to internal File Label choose Constant and enter a name in the text field. Next to Output File Name (Figure 13).
- Part 2 Sign File Step
On the Sign File step next to private key choose Constant. Next to private Key Password choose Constant and enter the key in the text box (Figure 14).
8. Verify File
The Verify File Step takes in the output data and then uses the public key to verify that the digital signature is authentic.
On the Verify File Step in the Inputs section next to data choose Select From Flow and pick the SignFile Output Contents. Next to sender Public Key choose Constant and add the file (Figure 15).