EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How do I configure the OpenPGPReceive Pipeline

Posted: 05/11/2011 12:04:50
by Kevin Oakes (Standard support level)
Joined: 05/11/2011
Posts: 4


The company I am working for recently purchased the license for your BizCrypto tools, and I have been tasked with figuring out how to utilize them. I am pretty new at using PGP encryption, and I am having some trouble. I am not sure exactly where I went wrong, so any help that can be provided will be greatly appreciated.

When I submit an encrypted message to BizTalk, I receive the following error:

No appropriate OpenPGP secret key for decryption found

The client gave us the following to decrypt it:

1. a key file
2. a password
3. a sub key

I have done this so far:
1. Created a new public and secret keyring.

2. Added the key file to the keyring, using the password we were provided as the -pass parameter.
(The output from the OpenPGPKeyTool indicated that the public keyring was updated, but the secret keyring was not. Therefore the generated secret keyring is empty)

3. Configured the pipeline:
CheckKeyExpirationTime - False
KeyPassphrase - [Password provided by client]
Passphrase - [Password provided by client]
PubKeyring - [Location of the keyring file I generated]
RequireSignatures - False
SecKeyring - [I have tried this both with my empty generated keyring, and the secbbox.skr file]
TemporaryPath - [Blank]
I also turned the tracing on

Things I am not sure of:
1. At no point did I see where I could utilize the Sub Key we were provided

2. I am not sure where, of the 3 places I have seen, to use the password provided

Again, any help on this would be awesome.

Posted: 05/11/2011 15:22:19
by Ken Ivanov (Team)

Thank you for contacting us.

Subkeys are a compound part of an OpenPGP key, so both the key and its subkeys are usually transferred as a single file. That is why the fact that you got a subkey apart from the "main" key is strange. Could you please provide us with a few more details on these key files -- in particular, the names they have and (if possible) a textual comment from the client that accompanied those files?

The reason for the error you are getting is quite simple - the pipeline just does not see the secret key. The way in which it should be set depends on your answer to the above question.

You also do not need to set the Passphrase property, as it is expected to accept a passphrase for conventionally encrypted files.

BTW, please assign the license ticket you received with the registration letter to your web site account to get Standard support level -- this will let us help you faster.
Posted: 05/11/2011 16:10:57
by Kevin Oakes (Standard support level)
Joined: 05/11/2011
Posts: 4

Hello Innokentiy,

Thank you for replying.

The client sent us a file called test.key. This is a snippet of what was in it

Version: GnuPG v1.4.9 (AIX)

[Removed Actual Key]

The email I was sent from the client gave us this file, and then in the body of the email they stated what the sub key is. This is what made me think that the sub key is separate, but after what you said I am guessing it is not separate.

Also, what I thought was a password was actually just the Key ID. I tried removing that from the pipeline configuration and it still failed.
Posted: 05/11/2011 16:28:30
by Kevin Oakes (Standard support level)
Joined: 05/11/2011
Posts: 4

Additional note: I just tried extracting my public key from the keyring just to make sure I am doing that step right, and the output was just seemingly random symbols. Is this to be expected? I have imported/extracted the key into other applications (Kleopatra) and it came out looking the same as it went in.

I used this command to get the key into the keyring:
OpenPGPKeyTool.exe -add -storage [Keyring Name] -keyfile [Key File]

And this to extract:
OpenPGPKeyTool.exe -extract -pubfile [Public Keyring] -index 0
Posted: 05/11/2011 16:46:57
by Ken Ivanov (Team)

Thank you for the details.

The headers (-----BEGIN PGP PUBLIC KEY BLOCK-----) state that the key you received is public, and therefore it cannot be used for decrypting messages (public keys can only be used for encryption and signature verification). This is also confirmed by the emptiness of the secret keyring file produced by the OpenPGPKeyTool. In order to be able to decrypt messages from your client you must get the corresponding private key. Please consult with your client on this matter. Probably they have just forgotten to send you the private key, or it has been sent to you via other means for security reasons.

Additional note: I just tried extracting my public key from the keyring just to make sure I am doing that step right, and the output was just seemingly random symbols.

Yes, it is normal - an unarmored OpenPGP key is a long sequence of binary characters that might look random.
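
A check that would have caught the problem in this thread before the pipeline was configured, as an added example that is not part of any post and is not EldoS code: it reads an armored or binary key file and reports, from the RFC 4880 packet tags, whether it holds secret key material. The sample inputs are constructed with dummy bodies and are not real keys; the function names are this example's own.

```python
import base64, re

# RFC 4880 packet tags that carry key material
KEY_TAGS = {5: "secret key", 6: "public key", 7: "secret subkey", 14: "public subkey"}

def dearmor(data: bytes) -> bytes:
    """Return the binary packet stream, decoding ASCII armor if present."""
    m = re.search(rb"-----BEGIN PGP [A-Z ]+-----\r?\n(.*?)-----END PGP", data, re.S)
    if not m:
        return data  # unarmored key: already binary
    # Armor headers such as "Version:" end at the first blank line.
    b64 = re.split(rb"\r?\n\r?\n", m.group(1), maxsplit=1)[-1]
    return base64.b64decode(b"".join(l for l in b64.split() if l[:1] != b"="))

def packet_tags(pkts: bytes):
    """Yield the tag of each top-level packet (old and new header formats)."""
    i = 0
    while i < len(pkts):
        hdr, i = pkts[i], i + 1
        if not hdr & 0x80 or hdr & 0x43 == 3:   # bad header or indeterminate length
            raise ValueError("not a definite-length OpenPGP packet")
        if hdr & 0x40:                          # new format: tag in low 6 bits
            tag, o1 = hdr & 0x3F, pkts[i]
            if o1 < 192:
                length, i = o1, i + 1
            elif o1 < 224:
                length, i = ((o1 - 192) << 8) + pkts[i + 1] + 192, i + 2
            elif o1 == 255:
                length, i = int.from_bytes(pkts[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body length not expected in a key file")
        else:                                   # old format: tag in bits 5-2
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            length, i = int.from_bytes(pkts[i:i + n], "big"), i + n
        yield tag
        i += length

def classify(data: bytes) -> dict:
    """Report which key packets a file holds and whether it can decrypt."""
    found = {KEY_TAGS[t] for t in packet_tags(dearmor(data)) if t in KEY_TAGS}
    return {"contents": sorted(found), "can_decrypt": any("secret" in k for k in found)}

def _pkt(tag: int, body: bytes) -> bytes:  # constructed sample packet, dummy body
    return bytes([0x80 | tag << 2 | 1]) + len(body).to_bytes(2, "big") + body

PUB = (b"-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.9 (AIX)\n\n"
       + base64.b64encode(_pkt(6, b"k" * 20) + _pkt(13, b"uid") + _pkt(14, b"s" * 20))
       + b"\n-----END PGP PUBLIC KEY BLOCK-----\n")   # constructed, armored
SEC = _pkt(5, b"k" * 30) + _pkt(13, b"uid") + _pkt(7, b"s" * 30)  # constructed, binary
print(classify(PUB), classify(SEC))
```

A file for which `can_decrypt` is false will leave the secret keyring empty, which is the condition behind "No appropriate OpenPGP secret key for decryption found".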
Posted: 05/12/2011 10:36:37
by Kevin Oakes (Standard support level)
Joined: 05/11/2011
Posts: 4

Thank you for the clarification. You have been really helpful
Posted: 11/29/2011 10:24:02
by Kent Wallace (Standard support level)
Joined: 11/29/2011
Posts: 9

PGP and SSO.

I need to use SSO to store a passphrase, then retrieve it using the SSO affiliate. Is this what the SSO affiliate replaces? I cannot find what or how to use the SSO affiliate in PGP receive.

Posted: 11/29/2011 13:06:45
by Ken Ivanov (Team)

Generally, you need to assign the name of the SSO affiliate to the SSOAffiliateApplication property of the adapter or pipeline. The user id kept in the SSO should contain a key filter defining key(s) to be used for signing/decryption. The first secret value kept in the SSO is expected to contain the data encryption password, and the second secret value should contain the secret key. Both secrets are optional and may contain an empty value.
Posted: 12/13/2011 09:56:44
by Kent Wallace (Standard support level)
Joined: 11/29/2011
Posts: 9

SSOAffiliateApplication in the BizTalk pipeline

I understand I enter an SSO affiliation and certain fields.

1. What fields are implemented from the SSO in the PGP encryption?
2. What are the names of the elements in use by PGP?

I see the fields


I know of a private key ring, a public key ring and a passphrase. How do these fields relate?

Kent Wallace
Posted: 12/13/2011 11:00:43
by Ken Ivanov (Team)

Currently there's no way to store the secret key passphrase in the SSO. Instead, you can use the SSO to store the secret key itself (in unencrypted form). Please do the following to set up the pipeline to take the secret key from the SSO:

1. Export the desired secret key to a file without a password.

2. Put the obtained secret key into the second secret slot of the SSO record of the application. Leave the user account name and the first secret value empty.

3. Set the SecretKeyringSource property to "Value" (1).

4. Assign a path to your public keyring to the PublicKeyring property and set PublicKeyringSource to "File" (0). This step is optional unless you need to encrypt processed messages (and not only sign them).




As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.
