Unable to perform PGP encryption with Tactical Assertion
Article ID: 98034
Updated On:
Products
Issue/Introduction
We are unable to perform the PGP encryption with Public Key after install the assertion (Symmetric Key Encryption / Decryption Assertion).
I have tested with various PGP keys but still getting the same error Error Message is as follows :
com.l7tech.external.assertions.symmetrickeyencryptiondecryption.server.ServerSymmetricKeyEncryptionDecryptionAssertion: Error encrypting text
PGP encryption/decryption is available via the Tactical Assertion : SymmetericKeyEncryptionDecryptionAssertion
The tactical assertion can be obtained from CA Support upon request, there is requirement to acknowledge a warning of the risks of using lower level encryption, and approval for distribution is given by CA Engineering group.
For PGP encryption however the module is needed.
Environment
Component: APIGTW
Resolution
Initially, I had the same issue and the PGP encryption was failed with this same error. But when I read the instructions very closely all the fields are base64 encoded.
The PGP Public Key is normally PEM encoded, which is a base64 encoding scheme, so I had assumed that was applicable and it was already base64 encoded.
But the PEM encoded PGP public key then also needs to be base64 encoded again.
So I had to add :
Set Context Variable pgppublickey = String : --- BEGIN ...
Base 64 Encode $pgppublickey} into ${b64pgppublickey}
And then the encryption worked as expected.
I've uploaded a sample policy for encrypting using a generated public key.
Here is the policy, note the Base64 encode of the PGP Public key.
Here is the PGP Public key, in its normal PEM (Privacy Enhanced Mail) format :
And the settings for the PGP Public Key encryption :
(note the input is the base64 encoded version of the public key.)
Attachments
Feedback
