Layer7 API Management

KB: Unable to perform PGP Encryption with Tactical Assertion 

Jul 04, 2018 09:07 PM

Added a new knowledge doc that is relevant for a number of recent cases doing PGP encryption.

https://comm.support.ca.com/kb/unable-to-perform-pgp-encryption-with-tactical-assertion/kb000098034 

Introduction:
We are unable to perform PGP encryption with a public key after installing the assertion (Symmetric Key Encryption / Decryption Assertion).

I have tested with various PGP keys but am still getting the same error. The error message is as follows:
com.l7tech.external.assertions.symmetrickeyencryptiondecryption.server.ServerSymmetricKeyEncryptionDecryptionAssertion: Error encrypting text 
Background:
PGP encryption/decryption is available via the Tactical Assertion: SymmetricKeyEncryptionDecryptionAssertion

The tactical assertion can be obtained from CA Support upon request. There is a requirement to acknowledge a warning of the risks of using lower-level encryption, and approval for distribution is given by the CA Engineering group.

For PGP encryption, however, the module is needed.
Instructions:
Initially I had the same issue and the PGP encryption failed with this same error.

But when I read the instructions very closely, all the fields are base64 encoded.

The PGP Public Key is normally PEM encoded, which is a base64 encoding scheme, so I had assumed that was applicable and it was already base64 encoded. 

But the PEM encoded PGP public key then also needs to be base64 encoded again.  

So I had to add : 
      Set Context Variable pgppublickey = String : --- BEGIN PGP ....
      Base 64 Encode ${pgppublickey} into ${b64pgppublickey} 


And then the encryption worked as expected. 

I've uploaded sample policy for encrypting using a generated public key. 

Here is the policy, note the Base64 encode of the PGP Public key.

Here is the PGP Public key, in its normal PEM (Privacy Enhanced Mail) format : 

And the settings for the PGP Public Key encryption :
(note the input is the base64 encoded version of the public key.)
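
A pre-flight check for the key field, as an added example that is not part of the original post or CA's code: it tells raw armored key text apart from its base64 wrapping and produces the wrapped form the post describes. The function names and the sample key are constructed for illustration, and the armor header lines are the standard OpenPGP ones rather than text taken from the post.

```python
import base64
import re

# OpenPGP ASCII-armor framing for a public key block (RFC 4880).
ARMOR_RE = re.compile(
    r"\A-----BEGIN PGP PUBLIC KEY BLOCK-----\r?\n.*?\r?\n"
    r"-----END PGP PUBLIC KEY BLOCK-----\Z",
    re.DOTALL,
)

# Constructed sample: placeholder body and checksum, not real key material.
SAMPLE_ARMORED = (
    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    "\n"
    "Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXIsIG5vdCBhIHJlYWwga2V5\n"
    "=AAAA\n"
    "-----END PGP PUBLIC KEY BLOCK-----\n"
)


def classify_key_field(value: str) -> str:
    """Return 'armored', 'wrapped' or 'invalid' for a candidate field value."""
    text = value.strip()
    if ARMOR_RE.match(text):
        return "armored"  # raw armor: the form the post says failed
    try:
        # Ignore line wrapping some base64 tools add, then decode strictly.
        inner = base64.b64decode("".join(text.split()), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return "invalid"
    return "wrapped" if ARMOR_RE.match(inner.strip()) else "invalid"


def to_key_field(value: str) -> str:
    """Hypothetical helper: single-line base64 of the whole armored block."""
    kind = classify_key_field(value)
    if kind == "armored":
        return base64.b64encode(value.strip().encode("utf-8")).decode("ascii")
    if kind == "wrapped":
        return "".join(value.split())  # already wrapped: do not encode twice
    raise ValueError("not an armored PGP public key or its base64 wrapping")


if __name__ == "__main__":
    field = to_key_field(SAMPLE_ARMORED)
    print(classify_key_field(SAMPLE_ARMORED), "->", classify_key_field(field))
```

The base64 body inside the armor is classified as invalid on its own, and so is a value that has been wrapped twice, which covers the two easy ways to get this field wrong.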

Attachment(s)
zip file
working2-testencryptbasic.xml.zip   2 KB   1 version
Uploaded - May 29, 2019
