Signing and Encrypting a Message Using Key Pair Encryption

The current encryption model supports the signing of messages along with encryption. A digital signature is added to each encrypted message. The PGP preemitter and PGPEncrypt service do not support the signing of a message without encryption.

Consider a use case where an outgoing message must be signed and encrypted. In addition, assume that there are multiple keys listed within the same key ring file. For example:

H:\>gpg --list-key C:/Program Files/GNU/GnuPG/keyRing\pubring.gpg
------------------------------------------------------------------
pub   1024D/3A4A61BD 2009-05-13
uid     Key for Test server<Soumya_raghavan@ibi.com>
sub   2048g/92DFC2B0 2009-05-13
pub   1024D/DB9570DD 2000-02-23
uid     Production <production@ibi.com>
sub   2048g/8DC224F9 2000-02-23
pub   1024D/FFBDBE5C 2009-04-30
uid     ATSHelp <ATS 24X7 support @ibi.com>
sub   2048g/B0BB9ED1 2009-04-30

To successfully encrypt a message using key pair encryption:

  1. Follow the steps in How to Configure a PGP Preemitter.

    The values for the PGP preemitter configuration parameters are listed and described in the following table:

    | Parameter | Description |
    |---|---|
    | Encrypt method | Selects the form of encryption to be used. In this example, select Keypair from the drop-down list. |
    | Pass Phrase or Alias | The configured pass phrase or alias. In this example, the value Key for Test server<Soumya_raghavan@ibi.com> is used. Note: To avoid typos, it is a good idea to cut and paste this value from a text file. |
    | armor | Determines whether an armored message should be generated. In this example, select false from the drop-down list. |
    | Public key ring | Full path to the public key ring. Used for key pair encryption. In this example, the path C:\Program Files\GNU\GnuPG\keys\pubring.gpg is used. |
    | Secret key ring | Full path to the secret key ring. Used for key pair encryption. In this example, the path C:\Program Files\GNU\GnuPG\keys\secring.gpg is used. |
    | Key Phrase | Enter the key phrase that is required for signing. This parameter is required only when signing. |
    | Sign | Determines whether messages should be signed. In this example, select true from the drop-down list. |
    | algorithm | The algorithm that is used. In this example, select cast5 from the drop-down list. |
    | FingerPrint | Enter the fingerprint of the subkey (the encryption key), which can be obtained by using the command gpg --fingerprint --fingerprint "alias", where alias is the alias being used. |

  2. Follow the steps in How to Configure a PGP Preparser.

    The values for the PGP preparser configuration parameters are listed and described in the following table:

    | Parameter | Description |
    |---|---|
    | Decrypt method | Selects the form of decryption to be used. In this example, select Keypair from the drop-down list. |
    | Pass Phrase or Alias | The real name that is configured. In this example, the value Key for Test server<Soumya_raghavan@ibi.com> is used. Note: To avoid typos, it is a good idea to cut and paste this value from a text file. |
    | Public key ring | Full path to the public key ring. Used for key pair encryption. In this example, the path C:\Program Files\GNU\GnuPG\keys\pubring.gpg is used. |
    | Secret key ring | Full path to the secret key ring. Used for key pair encryption. In this example, the path C:\Program Files\GNU\GnuPG\keys\secring.gpg is used. |
    | Key Phrase | Enter the key phrase, which is required to verify the signature. |
    | Flow form | Determines the flow form to be used. In this example, select XML from the drop-down list. |

  3. Construct and deploy two channels (for example, EncryptChannel and DecryptChannel).
  4. Input an XML file (for example, hello.xml) to be encrypted by the encrypt channel (EncryptChannel).
  5. Pick up the encrypted file from the default output of EncryptChannel and use this file as input for the decrypt channel (DecryptChannel).

    The original file is obtained.
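
The FingerPrint parameter in step 1 needs the fingerprint of the encryption subkey for one alias in a key ring that holds several keys. The Python code below is an added example, not iWay or GnuPG code: it parses the machine-readable listing produced by adding --with-colons to the gpg --fingerprint --fingerprint command and rejects an alias that does not select exactly one key. The sample records and their fingerprints are constructed placeholders, and the case-insensitive substring match on the alias is an assumption modelled on how gpg matches user IDs.

```python
"""Pick the encryption-subkey fingerprint for one alias from a multi-key ring."""

def parse_keys(listing):
    """Group `gpg --with-colons` records into one dict per primary key."""
    keys, last = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            # gpg 1.x puts the first user ID on the pub record (field 10)
            last = {"uids": [f[9]] if f[9] else [], "fpr": None, "subs": []}
            keys.append(last)
        elif not keys:
            continue  # header records (for example "tru") before the first key
        elif f[0] == "uid":
            keys[-1]["uids"].append(f[9])
        elif f[0] == "sub":
            last = {"caps": f[11], "fpr": None}  # field 12: key capabilities
            keys[-1]["subs"].append(last)
        elif f[0] == "fpr" and last["fpr"] is None:
            last["fpr"] = f[9]  # fingerprint of the preceding pub or sub record
    return keys

def encryption_fingerprint(listing, alias):
    """Fingerprint of the one encryption subkey of the one key matching alias."""
    hits = [k for k in parse_keys(listing)
            if any(alias.lower() in u.lower() for u in k["uids"])]
    if len(hits) != 1:
        raise LookupError(f"{alias!r} matches {len(hits)} keys, expected exactly 1")
    fprs = [s["fpr"] for s in hits[0]["subs"] if "e" in s["caps"] and s["fpr"]]
    if len(fprs) != 1:
        raise LookupError(f"{alias!r}: {len(fprs)} encryption subkeys with a fingerprint")
    return fprs[0]

def _records(uid, pub_fpr, sub_fpr):
    # Constructed sample records; the fingerprints are placeholders, not real keys.
    return (f"pub:u:1024:17:{pub_fpr[-16:]}:2009-05-13:::u:{uid}::scESC:\n"
            f"fpr:::::::::{pub_fpr}:\n"
            f"sub:u:2048:16:{sub_fpr[-16:]}:2009-05-13::::::e:\n"
            f"fpr:::::::::{sub_fpr}:\n")

SAMPLE = (_records("Key for Test server<Soumya_raghavan@ibi.com>", "A" * 40, "B" * 40)
          + _records("Production <production@ibi.com>", "C" * 40, "D" * 40))

if __name__ == "__main__":
    print(encryption_fingerprint(SAMPLE, "Key for Test server"))
```

An alias such as ibi.com matches both sample keys and raises LookupError, which is the case to catch before pasting a fingerprint into the configuration.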


iWay Software