EldoS | Feel safer!

Software components for data protection, secure storage and transfer

PGP Passphrase in Event Log

Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.
Posted: 02/10/2009 08:08:18
by Kel Koenig II (Standard support level)
Joined: 07/25/2008
Posts: 41

Why when you update the configuration of a Receive Port that is using the PGP transport does a message get thrown in the Application Event Log that contains all of the configuration information, including the PGP Passphrase? This passphrase is supposed to be encrypted and I never would have expected it to be written in clear text to the event log. The actual event is below, I've removed the SBB Subscription key but the rest of the message is accurate, including, ><PGPKeyPassphrase>start@123</PGPKeyPassphrase>

Event Type: Information
Event Source: SecureBlackbox.BizTalk.Adapters
Event Category: None
Event ID: 0
Date: 2/10/2009
Time: 8:10:53 AM
User: N/A
Computer: VMPBIZTKD26
StaticAdapterManagement::ValidateConfiguration() xmlInstance='<Config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><PollingInterval>5</PollingInterval><ErrorThreshold>3</ErrorThreshold><MaxFilesNum>1</MaxFilesNum><TraceMode>2</TraceMode><TraceToFile>False</TraceToFile><TraceToEventLog>True</TraceToEventLog><TraceFilename /><PGPFilePath>C:\HRDataServices\FileDrop\HRDataServices.DataHub\PGP\TODECRYPT</PGPFilePath><PGPFileMask>*.pgp</PGPFileMask><PGPPublicKeyringFile /><PGPPublicKeyringValue /><PGPPublicKeyringSource>0</PGPPublicKeyringSource><PGPSecretKeyringFile>C:\apps\Corporate.Encryption\dvlpContractPALSec.pgp</PGPSecretKeyringFile><PGPSecretKeyringValue /><PGPSecretKeyringSource>0</PGPSecretKeyringSource><PGPDeleteFiles>True</PGPDeleteFiles><PGPPassphrase /><PGPKeyPassphrase>start@123</PGPKeyPassphrase><SBBLicenseKey></SBBLicenseKey><PGPRequireSignatures>False</PGPRequireSignatures><PGPCheckKeyExpirationTime>False</PGPCheckKeyExpirationTime>PGP://C:\HRDataServices\FileDrop\HRDataServices.DataHub\PGP\TODECRYPT/*.pgp</Config>'

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Posted: 02/10/2009 08:34:35
by Ken Ivanov (EldoS Corp.)

Thank you for reporting this, will be checked immediately.



Topic viewed 2748 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!