...

Encrypt a single file or multiple files given a file pattern. Optionally sign the encrypted file(s). The public key for encryption and the private key for signing are retrieved from the keystore of the locally running GnuPG tool, through the fields 'Local Key' and 'Private Key For Signing' respectively.

Configuration examples

Encrypt and sign a single file, using keys from a keyring file on the local GPG.


User Scenario: Retrieve the single file "finance_report.csv" and encrypt it in ASCII format, using a PGP key that exists in a local GPG keyring file stored in the /home/.gnupg directory. After the encryption is completed, sign the encrypted file. Allow the integration to overwrite any existing encrypted file with the same name.

Encrypt and sign multiple files matching a pattern, using keys stored in the default keyring of the local GPG.


User Scenario: Retrieve all matching files based on the filename pattern "finance_2*.csv" and encrypt them in ASCII format, using a PGP key that exists on the default keyring of the local GPG. After the encryption is completed, sign the encrypted files. The task instance will fail if no matching files are found. It will also stop its execution on the first encryption error. To be proactive, the environment variable 'UE_GNUPG_VERBOSE_OUTPUT' is used to provide additional information on STDOUT.



Action Output

Output Type

Description

Example

EXTENSION

The extension output provides the following information:

  • exit_code, status_description: General info regarding the task execution.

  • result.metadata.count: Number of files that have been encrypted. Skipped files are not counted here.
  • result.metadata.input_file_count: Number of files that matched the Input Path or Pattern field.
  • result.metadata.success_count: Number of files successfully encrypted.
  • result.metadata.failure_count: Number of files that failed to be encrypted.
  • result.metadata.skip_count: Number of files skipped due to a previous error or due to the overwrite flag.
  • result.files.source_file: The source file path.
  • result.files.target_file: The target file path.
  • result.files.status: The status of the operation on the specific file. Possible values (Encrypted | Not encrypted).
  • result.files.message: The error message.
  • result.errors: List of generic or unexpected errors.


Successful Encryption Example

{
  "exit_code": 0,
  "status_description": "Task executed successfully",
  "invocation": {
    "version": "1.0.0",
    "extension": "ue-gnupg",
    "fields": {
          ...
    }
  },
  "result": {
    "errors": [],
    "metadata": {
      "count": 2,
      "input_file_count": 3,
      "success_count": 1,
      "failure_count": 1,
      "skip_count": 1
    },
    "files": [
      {
        "source_file": "/source_directory/gpg_test1.txt",
        "target_file": "/target_directory/pgp_test1.txt.asc",
        "status": "Encrypted",
        "message": null
      },
      {
        "source_file": "/source_directory/gpg_test2.txt",
        "target_file": "/target_directory/pgp_test2.txt.asc",
        "status": "Encrypted",
        "message": null
      }
    ]
  }
}



Failed Execution

{
  "exit_code": 100,
  "status_description": "Execution failed: At least one file processing failed.",
  "invocation": {
    "version": "1.0.0",
    "extension": "ue-gnupg",
    "fields": {
          ...
    }
  },
  "result": {
    "metadata": {
        "count": 3,
        "input_file_count": 4,
        "success_count": 1,
        "failure_count": 2,
        "skip_count": 1
    },
    "files": [
        {
            "source_file": "/source_directory/pgp_test1.txt",
            "target_file": "/target_directory/pgp_test1.txt.pgp",
            "status": "Encrypted",
            "message": null
        },
        {
            "source_file": "/source_directory/pgp_test2.txt",
            "target_file": "/source_directory/pgp_test2.txt.pgp",
            "status": "Not encrypted",
            "message": "invalid recipient, not found:dummy.pub"
        },
        {
            "source_file": "/source_directory/pgp_test3.txt",
            "target_file": "/source_directory/pgp_test3.txt.pgp",
            "status": "Not encrypted",
            "message": "invalid recipient, not found:dummy.pub"
        }
    ]
  }
}

Generic Failed Execution

{
  "exit_code": 1,
  "status_description": "Execution Failed: ...",
  "invocation": {
    "version": "1.0.0",
    "extension": "ue-gnupg",
    "fields": {
          ...
    }
  },
  "result": {
    "errors": [
      "Execution Failed: ..."
    ]
  }
}


STDOUT

Display in STDOUT all GPG tool verbose information when the 'UE_GNUPG_VERBOSE_OUTPUT' environment variable is true/True.


STDOUT Example

gpg --status-fd 2 --no-tty --no-verbose --fixed-list-mode --batch --with-colons --homedir C:\DATA\gpg --list-config --with-colons
gpg --status-fd 2 --no-tty --no-verbose --fixed-list-mode --batch --with-colons --homedir C:\DATA\gpg --encrypt --recipient robot_rsa --yes --output C:\DATA\windev76\UAGSrv\ue-gnupg-demo\test_rsa.txt.gpg --trust-model always
[GNUPG:] KEY_CONSIDERED 70BE8B3FBFCBC5638B6715EEFD9C1F2E818BD452 0
[GNUPG:] KEY_CONSIDERED 70BE8B3FBFCBC5638B6715EEFD9C1F2E818BD452 0
[GNUPG:] BEGIN_ENCRYPTION 2 9
[GNUPG:] END_ENCRYPTION


...

Encrypt a single file or multiple files given a file pattern. Optionally sign the encrypted file(s). The public key for encryption and the private key for signing are retrieved from a UDMG server, through the fields 'UDMG Key Name' and 'UDMG Private Key For Signing' respectively.

Configuration examples

Encrypt and sign a single file, using keys stored on a UDMG server.


Retrieve the single file "finance_report.csv" and encrypt it, using a PGP key that exists on a UDMG server. After the encryption is completed, sign the encrypted file. PGP keys will temporarily be stored on the local GPG and removed as soon as the task instance is completed. Allow the integration to overwrite any existing encrypted file with the same name.

Encrypt multiple files, using keys stored on a UDMG server.


Retrieve all matching files based on the filename pattern "finance_2*.csv" and encrypt them, using a PGP key that exists on the default keyring of the local GPG. The task instance will fail if no matching files are found. It will stop its execution on the first encryption error, and will skip encrypting a file if an encrypted file with the same name already exists.


Action Output

Info

Action Output is the same as described in Action Encrypt With Local Keystore.

...

Decrypt a single file or multiple files given a file pattern. Optionally verify the signature of a signed and encrypted file. The private key for decryption is retrieved from the local GPG keystore, through the field 'Local Key'.

Configuration examples

Decrypt single file using private key stored in local GPG keystore and verify the signature.


Retrieve a single file and decrypt it, using a PGP key that exists on the local GPG keystore. After the decryption is completed, verify that the file has been signed by 'admin.finance@example.com'. The task instance will overwrite any file named 'finance_report' and delete the original decrypted file 'finance_report.gpg'.

Decrypt multiple files using private key stored in local GPG keystore and verify the signature.


Retrieve all matching files based on the filename pattern "finance_2*.gpg" and decrypt them, using a PGP key that exists on the local GPG keystore. After the decryption is completed, verify that each file has a signature from the email 'admin.finance@example.com'. Using a GPG option, ignore any MDC error produced during decryption. The task instance will stop its execution either when no matching files are found, or on the first decryption or verification error.


Action Output

Output Type

Description

Example

EXTENSION

The extension output provides the following information:

  • exit_code, status_description: General info regarding the task execution.
  • result.metadata.count: Number of files that have been decrypted. Skipped files are not counted here.
  • result.metadata.input_file_count: Number of files that matched the Input Path or Pattern field.
  • result.metadata.success_count: Number of files successfully decrypted.
  • result.metadata.failure_count: Number of files that failed to be decrypted.
  • result.metadata.skip_count: Number of files skipped due to a previous error or due to the overwrite flag.
  • result.files.source_file: The source file path.
  • result.files.target_file: The target file path.
  • result.files.status: The status of the operation on the specific file. Possible values (Decrypted | Not decrypted).
  • result.files.message: The error message.
  • result.errors: List of generic or unexpected errors.




Successful Execution

{
  "exit_code": 0,
  "status_description": "Task executed successfully",
  "invocation": {
    "version": "1.0.0",
    "extension": "ue-gnupg",
    "fields": {
          ...
    }
  },
  "result": {
    "errors": [],
    "metadata": {
      "count": 2,
      "input_file_count": 3,
      "success_count": 1,
      "failure_count": 1,
      "skip_count": 1
    },
    "files": [
      {
        "source_file": "/source_directory/gpg_test1.txt.gpg",
        "target_file": "/target_directory/pgp_test1.txt",
        "status": "Decrypted",
        "message": " decryption ok"
      },
      {
        "source_file": "/source_directory/gpg_test2.txt.gpg",
        "target_file": "/target_directory/pgp_test2.txt",
        "status": "Not decrypted",
        "message": "not found:my_key private key"
      }
    ]
  }
}


Failed Execution

{
  "exit_code": 100,
  "status_description": "Execution failed: At least one file processing failed.",
  "invocation": {
    "version": "1.0.0",
    "extension": "ue-gnupg",
    "fields": {
            ...
    }
  },
  "result": {
    "metadata": {
        "count": 3,
        "input_file_count": 4,
        "success_count": 1,
        "failure_count": 2,
        "skip_count": 1
    },
    "files": [
        {
            "source_file": "/source_directory/pgp_test1.txt.pgp",
            "target_file": "/target_directory/pgp_test1.txt",
            "status": "Decrypted",
            "message": null
        },
        {
            "source_file": "/source_directory/pgp_test2.txt.pgp",
            "target_file": "/target_directory/pgp_test2.txt",
            "status": "Not decrypted",
            "message": " not valid data"
        },
        {
            "source_file": "/source_directory/pgp_test3.txt.pgp",
            "target_file": "/target_directory/pgp_test3.txt",
            "status": "Not decrypted",
            "message": " not valid data"
        }
    ]
  }
}



Generic Failed Execution

{
  "exit_code": 1,
  "status_description": "Execution Failed: ...",
  "invocation": {
    "version": "1.0.0",
    "extension": "ue-gnupg",
    "fields": {
          ...
    }
  },
  "result": {
    "errors": [
      "Execution Failed: ..."
    ]
  }
}



STDOUT

Display in STDOUT all GPG tool verbose information when the 'UE_GNUPG_VERBOSE_OUTPUT' environment variable is true/True.


STDOUT Example

gpg --status-fd 2 --no-tty --no-verbose --fixed-list-mode --batch --with-colons 
--homedir C:\DATA\gpg --list-config --with-colons
gpg --pinentry-mode loopback --status-fd 2 --no-tty --no-verbose --fixed-list-mode 
--batch --with-colons --homedir C:\DATA\gpg --passphrase-fd 0 --decrypt --yes 
--output C:\DATA\windev76\UAGSrv\ue-gnupg-demo\test_rsa.txt --trust-model always
[GNUPG:] ENC_TO BCA783824F1E76CD 1 0
[GNUPG:] KEY_CONSIDERED 70BE8B3FBFCBC5638B6715EEFD9C1F2E818BD452 0
gpg: encrypted with rsa3072 key, ID BCA783824F1E76CD, created 2024-02-08
      "robot_rsa <robot.rsa@ueqa.com>"
[GNUPG:] KEY_CONSIDERED 70BE8B3FBFCBC5638B6715EEFD9C1F2E818BD452 0
[GNUPG:] KEY_CONSIDERED 70BE8B3FBFCBC5638B6715EEFD9C1F2E818BD452 0
[GNUPG:] DECRYPTION_KEY 67FB5708B59E2CBB646A5DCFBCA783824F1E76CD 70BE8B3FBFCBC5638B6715EEFD9C1F2E818BD452 -
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 9 0
[GNUPG:] PLAINTEXT 62 1707406246 test_rsa.txt
[GNUPG:] PLAINTEXT_LENGTH 6790
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION
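
The "[GNUPG:]" status lines in the STDOUT example above can be checked mechanically, which matters most when MDC errors are being ignored. The following is an added example, not part of the ue-gnupg extension or its documentation: it flags a run that reports DECRYPTION_OKAY without a GOODMDC confirmation, and optionally checks for a valid signature from an expected key. The `signer_fpr` parameter, the function names and the UNCONFIRMED sample are assumptions made for illustration.

```python
# Added example (not ue-gnupg code): judge a decryption run from the
# "[GNUPG:]" status lines that appear on STDOUT in verbose mode.
PREFIX = "[GNUPG:] "

def parse_status(text):
    """Return {keyword: [args, ...]} for every GnuPG status line in text."""
    events = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(PREFIX):
            keyword, *args = line[len(PREFIX):].split()
            events.setdefault(keyword, []).append(args)
    return events

def assess_decryption(text, signer_fpr=None):
    """Return a list of findings; an empty list means the run looks clean.
    signer_fpr (hypothetical parameter) is the full fingerprint of the key
    expected to have signed the file, or None to skip the signature check."""
    ev = parse_status(text)
    findings = []
    if "DECRYPTION_OKAY" not in ev or "DECRYPTION_FAILED" in ev:
        findings.append("decryption did not succeed")
    if "BADMDC" in ev:
        findings.append("integrity check failed (BADMDC)")
    elif "GOODMDC" not in ev:
        findings.append("integrity not confirmed (no GOODMDC)")
    # DECRYPTION_INFO <mdc_method> <sym_algo> [<aead_algo>]; 0 and 0 = unprotected
    for args in ev.get("DECRYPTION_INFO", []):
        if args and args[0] == "0" and (len(args) < 3 or args[2] == "0"):
            findings.append("message carries no MDC or AEAD protection")
    if signer_fpr is not None:
        if any(k in ev for k in ("BADSIG", "ERRSIG")):
            findings.append("signature is bad or could not be checked")
        # VALIDSIG lists the signing key fingerprint first, the primary key last.
        fprs = {f for a in ev.get("VALIDSIG", []) if a for f in (a[0], a[-1])}
        if signer_fpr.upper() not in fprs:
            findings.append("no valid signature from the expected key")
    return findings

# Status lines copied from the STDOUT example above (a clean run).
CLEAN = """[GNUPG:] DECRYPTION_INFO 2 9 0
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION"""
# Constructed sample: decryption reported as okay, but GOODMDC never appears.
UNCONFIRMED = """[GNUPG:] DECRYPTION_INFO 0 9 0
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION"""
```

An empty result for a file means its status lines show a completed, integrity-checked decryption; any finding is a reason to hold the decrypted file back from downstream processing.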


...

Decrypt a single file or multiple files given a file pattern. Optionally verify the signature of a signed and encrypted file. The private key for decryption is retrieved from a UDMG server, through the field 'UDMG Key Name'.

Configuration examples

Decrypt a single file using a private key stored on a UDMG server.


Retrieve a single file and decrypt it, using a PGP key that exists on a UDMG server. The task instance will stop its execution on the first decryption or verification error and will overwrite any existing decrypted file with the same name.

Decrypt multiple files with private key stored on UDMG server and verify their signature.


Retrieve all matching files based on the filename pattern "finance_2*.csv" and decrypt them, using a PGP key that exists on a UDMG server. After the decryption is completed, verify that each file has a signature from the email 'admin.finance@example.com'. Using a GPG option, ignore any MDC error produced during decryption. The task instance will stop its execution on the first decryption or verification error.


Action Output

Info

Action Output is the same as described in Action Decrypt With Local Keystore.

...

Changelog

ue-gnupg-1.0.0 (2024-06-

07

06)

Initial version