GPG Task
This integration has been sunset
It is replaced by UAC Utility: GnuPG.
- 1 Overview
- 2 Version Information
- 3 Software Requirements
- 4 Key Features
- 5 Import Universal Template
- 6 Configure Universal Task
- 7 Supported Actions
- 7.1 Action: Encrypt
- 7.2 Action: Decrypt
- 7.3 Action: Sign
- 7.4 Action: Sign Key
- 7.5 Action: Import Private Key
- 7.6 Action: Import Public Key
- 7.7 Action: Export Private Key
- 7.8 Action: Export Public Key
- 7.9 Action: List Keys
- 7.10 Action: List Secret Keys
- 7.11 Action: Generate Key Pair
- 7.12 Action: Delete Key
- 7.13 Action: Delete Secret Key
- 8 Task Output
- 8.1 Exit Codes
- 8.2 STDOUT and STDERR
- 9 Document References
- 10 Known Issues
- 11 Changelog
Disclaimer
Your use of this download is governed by Stonebranch’s Terms of Use, available at Stonebranch Integration Hub - Terms of Use.
Overview
This Universal Task provides the capabilities for Encrypting and Decrypting Files using GnuPG.
GnuPG (GNU Privacy Guard) is a free and open-source software tool that provides encryption and digital signature functionality for secure communication and data protection.
Version Information
Template Name | Internal Name | Version |
|---|---|---|
CS GPG | ut-cs-gpg | 1.0.4 |
Refer to Changelog for version history information.
Software Requirements
Software Requirements for Universal Template and Universal Task
This integration requires a Linux or Windows Universal Agent and gpg (GnuPG) Version 2.4.2 or higher installed on the Server where the Universal Agent is installed.
Tested with (GnuPG) Version 2.4.2.
Software Requirements Universal Agent
Linux and Windows agents are supported:
Universal Agent for Linux Version 7.1.0.0 and later with python options installed.
Universal Agent for Windows Version 7.1.0.0 and later with python options installed.
Software Requirements Universal Controller
Universal Controller Version 7.1.0.0 and later.
Key Features
The Universal Task provides the following key features:
Encrypt & Sign Files
Decrypt Files incl. verification of signee
Match Pattern support to select files for encryption, decryption, or signing
Sign Public Keys with one of the options Sign, Cleartextsign or Detachedsign
Import Private Keys
Import Public Keys
Export Private Keys
Export Public Keys
List Public Keys
List Secret Keys
Delete Public Keys
Delete Secret Keys
Generate a new Key Pair
Import Universal Template
Data type scripts private_key_default.asc and public_key_default.asc
need to be created first in the controller before you can import the template.
Alternatively, remove the value for the choice fields in the json by setting them to null.
To use the Universal Template, you first must perform the following steps.
This Universal Task requires the Resolvable Credentials feature. Check that the Resolvable Credentials Permitted system property has been set to true.
To import the Universal Template into your Controller, follow the instructions here.
When the files have been imported successfully, refresh the Universal Templates list; the Universal Template will appear on the list.
Configure Universal Task
For a new Universal Task, create a new task, and enter the required input fields.
The following list the different input fields required for a selected Action.
Supported Actions
The following Actions are supported:
Action | Use Case | Required Parameters |
|---|---|---|
Encrypt | Encrypt Files | •Source: Directory for Files to Encrypt or Sign •Target: Directory for Encrypted files •Encrypt File Pattern •Key ID ( Email or ID) of the Recipient Public Key |
Encrypt with option Sign | Encrypt and sign Files | •Source: Directory for Files to Encrypt or Sign •Target: Directory for Encrypted files •Encrypt File Pattern •Key ID ( Email or ID) of the Recipient Public Key •Email/ KeyID of the Private Key used for signing •Passphrase of the private key used for signing |
Decrypt | Decrypt Files | •Source: Directory for Files to Encrypt or Sign •Target: Directory for Encrypted files •Encrypt File Pattern •Key ID ( Email or ID) of the Recipient Public Key |
Sign | Sign Partner Public Key | •Passphrase of the Private Key of the Local User •Private Key Owner “Local User” |
Sign a File | Sign | •Email/KeyID of the Private Key used for signing •Passphrase of the private key used for signing |
Import Public Key | Import Public Key | •Public Key from Script Library |
Import Private Key | Import Private Key | •Private Key from Script Library |
Export Public Key | Export Public Key | •Key ID ( Email or ID) •Export Public Keys Path |
Export Private Key | Export Private Key | •Key ID ( Email or ID) •Export Private Keys Path |
List Keys | List | •Key ID ( Email or ID) of the public key owner |
List Secret Keys | List Secret Keys | •Key ID ( Email or ID) of the secret key owner |
Delete Secret Keys | Delete Secret Key | •Passphrase of the private key to delete •Fingerprint Key ID of the secret key ( choose the Action List Secret Keys to get the Key ID ) |
Delete Keys | Delete Public Key | •Fingerprint Key ID of the public key. Choose the Action List Keys to get the Key ID. Note: “Secret Key needs to be deleted first” |
Generate Key Pair | Generate Key Pair | •id: Identifier or name of the key pair owner •email: Email address associated with the key pair owner •passphrase: Passphrase to protect the generated key pair •key_type: Type of the RSA key, options: RSA, RSA1, RSA2 •key_length: Length of the RSA key in bits, e.g., 2048, 4096, 8192 •expire_date: Expiration date of the key pair, format: YYYY-MM-DD |
Action: Encrypt
Input Fields
The input fields for this Universal Task are described in the following table.
Field | Input Type | Value | Type | Description |
|---|---|---|---|---|
Action | Required | Encrypt | Choice | The following Actions can be selected: [ encrypt | decrypt | sign | sign_key | import_private_keys | import_public_keys | export_private_keys | export_public_keys | delete_keys | delete_secret_keys | list_keys | list_secret_keys | generate_key_pair ] |
GPG Home Directory | Required | Default: /usr/bin | Text | Home directory of the gpg installation. |
Directory for Files to Encrypt or Sign | Required | /Input | Text | Input directory for the Files to Encrypt or Sign |
Encrypt File Pattern | Required | files_* | Text | Wildcard '*' match is supported on Linux and Windows. Match Pattern to select the files for encryption are only supported on Linux. ; e.g. files_[1-2].txt is only support on Linux Agents. |
Directory for encrypted Files | Required | /Encrypted | Text | Output directory for the encrypted Files |
Email/ID of the Recipient Public Key | Required | Email: peter.meyer@yahoo.com ID: pmeyer | Text | Email/ID of the Recipient Public Key used to encrypt the file |
Overwrite Encrypted Files | Required | True | False | Boolean | Overwrite existing Encrypted Files |
Encrypt and Sign | Optional | True | False | Boolean | Encrypt and Sign the files using the private key |
Delete After Encryption | Optional | True | False | Boolean | Delete Input files in "Directory for Files to Encrypt or Sign" After Encryption. |
Passphrase used for Signing | Optional | '***' | Credential | Passphrase of the Private Key owner used for Signing |
Email/ KeyID of the Private Key used for signing | Optional | Email: peter.meyer@yahoo.com ID: pmeyer | Text | Email/ KeyID of the Private Key used for signing |
Configuration examples
Action: Decrypt
Input Fields
The input fields for this Universal Task are described in the following table.
Field | Input Type | Value | Type | Description |
|---|---|---|---|---|
Action | Required | Decrypt | Choice | The following Actions can be selected: [ encrypt| decrypt | sign | sign_key | import_private_keys | import_public_keys | export_private_keys | export_public_keys | delete_keys | delete_secret_keys | list_keys | list_secret_keys | generate_key_pair ] |
GPG Home Directory | Required | Default: /usr/bin | Text | Home directory of the gpg installation. |
Directory for Encrypted Files | Required | /encrypted | Text | Input directory for the Files to Decrypt |
Decrypt File Pattern | Required | files_* | Text | Wildcard '*' match is supported on Linux and Windows. Match Pattern to select the files for decryption are only supported on Linux. ; e.g. files_[1-2].txt is only support on Linux Agents. |
Overwrite Decrypted Files | Required | True | False | Boolean | Overwrite existing Decrypted Files |
Directory for Decrypted Files | Required | /Encrypted | Text | Output directory for the Decrypted Files |
Email/ KeyID of the private key | Required | Email: peter.meyer@yahoo.com ID: pmeyer | Text | Email/ID of the Recipient Private Key used to decrypt the file |
Delete After Decryption | Optional | True | False | Boolean | Delete Encrypted files in "Directory for Decrypted Files" After Decryption. |
Passphrase | Required | '***' | Credential | Passphrase of the Private Key owner used for decryption |
Configuration examples
Action: Sign
Input Fields
The input fields for this Universal Task are described in the following table.
Field | Input Type | Value | Type | Description |
|---|---|---|---|---|
Action | Required | Sign | Choice | The following Actions can be selected: [ encrypt| decrypt | sign | sign_key | import_private_keys | import_public_keys | export_private_keys | export_public_keys | delete_keys | delete_secret_keys | list_keys | list_secret_keys | generate_key_pair ] |
GPG Home Directory | Required | Default: /usr/bin | Text | Home directory of the gpg installation. |
Directory for Files to Encrypt or Sign | Required | /files | Text | Input directory for the Files to Sign |
Sign File Pattern | Required | files_* | Text | Wildcard '*' match is supported on Linux and Windows. Match Pattern to select the files for decryption are support on Linux only. ; e.g. files_[1-2].txt is only support on Linux Agents. |
Overwrite Signed Files | Required | True | False | Boolean | Overwrite existing Signed Files |
Directory for Signed Files | Required | /signed | Text | Output directory for the Signed Files |
Signing Options | Required | Default: Sign | Choice | [ Sign | Clearsign | Detachsign ]
|
Local User for Signing | Required | Email: peter.meyer@yahoo.com ID: pmeyer | Text | Email/ID of the Recipient Private Key used to Sign the file |
Delete After Sign | Optional | True | False | Boolean | Delete Signed files in "Directory for Signed Files" After Signing. |
Passphrase | Required | '***' | Credential | Passphrase of the Private Key owner used for signing |
|
|
|
|
|
Configuration examples
Action: Sign Key
Input Fields
The input fields for this Universal Task are described in the following table.