Hi Suraj
1) The proper PGP format (generally) would be the :
-----BEGIN PGP MESSAGE-----
Version: BCPG v1.58
LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tClZlcnNpb246IEJDUEcgdjEuNDYKCmhJd0RTOXpr
NFl6Z2ZjOEJBLzBhUDBKUnM4WGNLdzhYd2t6ODVCajhqQ2VqWGxFS0UzZEQvQTRhT3Yzb0VUckYK
...
Y25nCj13bDVhCi0tLS0tRU5EIFBHUCBNRVNTQUdFLS0tLS0K
-----BEGIN PGP MESSAGE-----
That is the PEM (Pivacy Enhanced Mail) wrapped format. PEM is very commonly used for certs/data used in email :
https://support.quovadisglobal.com/kb/a37/what-is-pem-format.aspx
For PEM the blocks are identified via the --- XXXX --- headers, the binary data is base64 encoding have column limit of 76 (or is it 78). The ascii and line size limit was set so as not upset old email servers which had some limitations - it is still very commonly used.
2) The output of the PGPEncrypt Assertion however is just raw base64 encoding of the encrypted data - you can see the binary data is the same just does not have the PEM wrapper.
3) Also I see the space at character 76 or so - I suspect then that there is a \n there, but the editor you've looked at it in requires \r\n so they all appear on the same line :
LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tClZlcnNpb246IEJDUEcgdjEuNDYKCmhJd0RTOXpr NFl6
4) Solution ?
For Solution in your case it is probably easiest if on the APIM Gateway you can add an set-context-variable that adds the PEM type header & footer to the returned data :
eg:
pemEncodedResponse =
type:string
-----BEGIN PGP MESSAGE-----
Version: BCPG v1.58
${rawbase64encodeddata}
-----BEGIN PGP MESSAGE-----
Something like that or similar should work (and I seem to remember doing that when I had a few cases with PGP encryption).
It is probably cleanest to add on the Gateway side, rather than the client side but would work on the client side as well.
You could also raise enhancement request to the PGP assertion to add it.
Hope that helps.
Cheers - Mark
(Also for encrypt I am a bit surprised you get the same b64data, usually there is some salt thrown in to ensure even if you encrypt the same messsage twice it will give different output encrypted value)