Unable to perform PGP encryption with Tactical Assertion
search cancel

Unable to perform PGP encryption with Tactical Assertion

book

Article ID: 98034

calendar_today

Updated On:

Products

STARTER PACK-7 CA API Gateway

Issue/Introduction

We are unable to perform the PGP encryption with Public Key after install the assertion (Symmetric Key Encryption / Decryption Assertion). 

I have tested with various PGP keys but still getting the same error Error Message is as follows :

com.l7tech.external.assertions.symmetrickeyencryptiondecryption.server.ServerSymmetricKeyEncryptionDecryptionAssertion: Error encrypting text
 
PGP encryption/decryption is available via the Tactical Assertion : SymmetericKeyEncryptionDecryptionAssertion  

The tactical assertion can be obtained from CA Support upon request, there is requirement to acknowledge a warning of the risks of using lower level encryption, and approval for distribution is given by CA Engineering group.  

For PGP encryption however the module is needed. 

Environment

Release:
Component: APIGTW

Resolution


Initially, I had the same issue and the PGP encryption was failed with this same error. But when I read the instructions very closely all the fields are base64 encoded.   

The PGP Public Key is normally PEM encoded, which is a base64 encoding scheme, so I had assumed that was applicable and it was already base64 encoded. 

But the PEM encoded PGP public key then also needs to be base64 encoded again.  

So I had to add : 
      Set Context Variable pgppublickey = String : --- BEGIN ...
      Base 64 Encode $pgppublickey} into ${b64pgppublickey} 


And then the encryption worked as expected. 

I've uploaded a sample policy for encrypting using a generated public key. 

Here is the policy, note the Base64 encode of the PGP Public key.


Here is the PGP Public key, in its normal PEM (Privacy Enhanced Mail) format : 
 


And the settings for the PGP Public Key encryption :

(note the input is the base64 encoded version of the public key.)

Attachments

1558699980300000098034_sktwi1f5rjvs16jyg.png get_app
1558699978576000098034_sktwi1f5rjvs16jyf.png get_app
1558699976690000098034_sktwi1f5rjvs16jye.png get_app
1558536443251working2-testencryptbasic.xml get_app