PGP encryption with the private key

  • Question

  • Hello Experts,

    We have the PGP public and private key pair. We are encrypting using the private key and sharing the public key with the client for decrypting. I am using the PGP Pipeline Component [BAJ] for the encryption purpose in the send pipeline. So when I am using the component in the Pipeline.

    When I build the solution it gives me

    Component 'PGP Pipeline Component [BAJ]' properties validation failed. Public Key File is required for encryption.   

    But when I am giving as

    It does not throw any error while building but throws an error in the BizTalk admin console when I am trying to send a file with encryption like

    There was a failure executing the send pipeline: "BizTalk.PIFundSendPipeline, BizTalk.Labs, Version=1.0.0.0, Culture=neutral, PublicKeyToken=3de501d0771ad572" Source: "PGP Pipeline Component [BAJ]" Send Port: "FILE-PIFile-Archive" URI: "E:\Dropbox\Test\send\%datetime%_pi.csv" Reason: Can't find encryption key in key ring.

    Any help is greatly appreciated.

    Thursday, September 15, 2016 2:40 PM

Answers

  • Well, you need to make sure the right key is in the right file.

    Also, the BizTalk process needs to have access to the key files, permissions wise.

    Thursday, September 15, 2016 3:53 PM
    Moderator
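
An added example, not part of the original thread and not the PGP Pipeline Component's own code: one way to check that "the right key is in the right file" before pointing the pipeline at it. It reads the OpenPGP packet headers and reports whether a file holds public or secret key packets and whether any key uses an encryption-capable algorithm; the function names and the sample byte strings are constructed for illustration.

```python
import base64

KEY_TAGS = {5: "secret", 7: "secret", 6: "public", 14: "public"}  # RFC 4880, 4.3
ENCRYPT_ALGOS = {1, 2, 16, 18}  # RSA, RSA encrypt-only, Elgamal, ECDH

def dearmor(data):
    """Decode an ASCII-armored block; binary input passes through unchanged."""
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data
    lines = [l.strip() for l in data.strip().splitlines()]
    body = lines[lines.index(b"") + 1:-1]  # skip armor headers and END line
    return base64.b64decode(b"".join(l for l in body if not l.startswith(b"=")))

def packets(data):
    """Yield (tag, body) for each packet, old- and new-format headers."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if (hdr & 0xC0) == 0xC0:  # new format: tag in low 6 bits
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                n, i = first, i + 2
            elif first < 224:
                n, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            else:
                raise ValueError("5-octet and partial lengths not handled")
        elif (hdr & 0x80) and (hdr & 3) != 3:  # old format: tag in bits 5-2
            tag, w = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            n, i = int.from_bytes(data[i + 1:i + 1 + w], "big"), i + 1 + w
        else:
            raise ValueError("not a parseable OpenPGP packet header")
        yield tag, data[i:i + n]
        i += n

def inspect_key_file(data):
    """Return (kind, has_encryption_key) for the raw bytes of a key file."""
    try:  # algorithm octet follows version + 4-byte time (v3 adds 2-byte validity)
        keys = [(KEY_TAGS[t], b[5] if b[0] >= 4 else b[7])
                for t, b in packets(dearmor(data)) if t in KEY_TAGS]
    except (ValueError, IndexError):
        return "unrecognized", False
    kind = "secret" if any(k == "secret" for k, _ in keys) else "public"
    return (kind if keys else "unrecognized"), any(a in ENCRYPT_ALGOS for _, a in keys)

def _pkt(tag, algo):  # constructed sample: real framing, dummy key bytes
    return bytes([0xC0 | tag, 10, 4, 0, 0, 0, 0, algo]) + b"\x00" * 4

SIGN_ONLY_PUB = _pkt(6, 17)            # DSA primary key, no encryption subkey
FULL_PUB = _pkt(6, 17) + _pkt(14, 16)  # DSA primary + Elgamal encryption subkey
SECRET = _pkt(5, 1)                    # RSA secret key packet
```

A file is a candidate for the component's public key setting only when the result is `("public", True)`; a file that reports `("public", False)` holds a public key but none that can encrypt.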

All replies

  • Hi Sid

    The error is stating why it is failing.

    Encryption always happens using the public key.

    Decryption happens using the private key.

    So you need to switch the keys in the pipeline components.


    Thanks Arindam

    Thursday, September 15, 2016 2:55 PM
    Moderator
  • Thanks Arindam. So we will use the public key from the client for encrypting and they'll use their private key for decrypting. Is that correct?

    Thursday, September 15, 2016 3:08 PM
  • We have the PGP public and private key pair. We are encrypting using the private key and sharing the public key with the client for decrypting.

    Sorry, you can't do this and there is no way around it other than using a Public Key issued by the receiver.  This is because PGP uses Public Key Encryption.  This is so only the intended receiver can decrypt the data with their Private Key.

    You can use your Private Key to sign the message, but I don't think this implementation of the PGP Pipeline Component supports that.

    So, you need to request a Public Key from your Trading Partner and use that to encrypt the message.

    Thursday, September 15, 2016 3:18 PM
    Moderator
  • Thanks Arindam. So we will use the public key from the client for encrypting and they'll use their private key for decrypting. Is that correct?

    You only need their Public Key.  Then only they will be able to decrypt the message, with the Private Key.
    Thursday, September 15, 2016 3:20 PM
    Moderator
  • That's right Sid.

    Only one entity should be able to decrypt - the entity that owns the private key. This key is used for decrypting.

    Public keys can be distributed to multiple clients - to encrypt and send it to the owner of the private key. 

    Make sure that the "PublicKeyFile" path that you specify below is actually the Public key.

    The path says E:\Certificates\PrivateKeys\abc.ppk. Probably you need to change this to point to the public key file.


    Thanks Arindam



    Thursday, September 15, 2016 3:22 PM
    Moderator
  • I was just trying to test how the encryption works by just encrypting with our public key. (Only for testing purposes; I understand we will be encrypting with the Client's public key.)

    But still again I see the same error.

    There was a failure executing the send pipeline: "BizTalk.PIFundSendPipeline, BizTalk.Labs, Version=1.0.0.0, Culture=neutral, PublicKeyToken=3de501d0771ad572" Source: "PGP Pipeline Component [BAJ]" Send Port: "FILE-PIFile-Archive" URI: "E:\Dropbox\Test\send\%datetime%_pi.csv" Reason: Can't find encryption key in key ring.

    Thursday, September 15, 2016 3:35 PM
  • It doesn't matter whose Key it is.  You can only Encrypt using a Public Key.

    You can Encrypt with your own Public Key, then Decrypt with your Private Key.

    The Key itself knows what it is so you can try to fool the encrypt/decrypt routing.

    Thursday, September 15, 2016 3:38 PM
    Moderator
  • I understand Johns. I am encrypting with the public key, Public-Key-TEST (is a public key). I am not doing decryption here. Just want to see if it is getting encrypted, but I see the error like Can't find encryption key in key ring.
    Thursday, September 15, 2016 3:41 PM