PGP Decrypt

Overview

You can use the PGP Decrypt filter to decrypt a Pretty Good Privacy (PGP) encrypted message. This filter decrypts an incoming message using the specified PGP private key, and creates a new message body using the specified content type. The decrypted message can be processed by the API Gateway, and then encrypted again using the PGP Encrypt filter.

An example use case for this filter would be when files are sent to the API Gateway over Secure Shell File Transfer Protocol (SFTP) in PGP encrypted format. The API Gateway can use the PGP Decrypt filter to decrypt the message, and then use Threat Detection filters to perform virus scanning. The clean files can be PGP encrypted again using the PGP Encrypt filter before being sent over SFTP to their target destination. For more details, see the PGP Encrypt filter.

Configuration

Complete the following fields to configure this filter:

Name:

Enter an appropriate name for this filter.

PGP Private Key to be retrieved from one of the following locations:

Select one of the following options:

  • Use the following private key from the PGP Key Pair list

    Click the browse button on the right, and select a PGP key pair configured in the Certificate Store. For details on configuring PGP key pairs, see the topic on Certificates and Keys.

  • Look up the private key using the following alias

    Enter the alias name of the PGP private key used in the Certificate Store (for example, My PGP Test Key). Alternatively, you can enter a selector expression that specifies the name of a message attribute that contains the alias. The value of the selector is expanded at runtime (for example, ${my.pgp.test.key.alias}).

  • The following message attribute will contain the private key

    Enter a selector expression that specifies the name of the message attribute that contains the private key. The value of the selector is expanded at runtime (for example, ${my.pgp.test.private.key}).

For more details on selectors, see Selecting Configuration Values at Runtime.
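When the alias comes from a message attribute, one way to populate it is to read the recipient key ID from the message's Public-Key Encrypted Session Key packet and map it through an allowlist, so the sender cannot choose which private key is used. The following is an added example, not code from the API Gateway or this documentation. The allowlist, the key ID, the sample bytes and the function names are assumptions, and only version 3 session key packets (RFC 4880) are handled.

```python
import base64

# Assumed allowlist: recipient key ID (constructed) -> Certificate Store alias.
ALIAS_BY_KEY_ID = {"0123456789ABCDEF": "My PGP Test Key"}
# Constructed message: one v3 PKESK packet (tag 1), then a 1-byte tag 18 packet.
SAMPLE = bytes.fromhex("c10c030123456789abcdef010000d20100")

def dearmor(data: bytes) -> bytes:
    """Decode ASCII armor if present; binary input is returned unchanged."""
    lines = [l.strip() for l in data.strip().splitlines()]
    if not lines or lines[0] != b"-----BEGIN PGP MESSAGE-----":
        return data
    start = lines.index(b"") + 1  # armor headers end at the first blank line
    # The "=XXXX" CRC-24 line is skipped, not verified.
    return base64.b64decode(b"".join(l for l in lines[start:-1] if l[:1] != b"="))

def recipient_key_ids(data: bytes) -> list:
    """Key IDs of the leading Public-Key Encrypted Session Key packets (tag 1)."""
    buf, pos, ids = dearmor(data), 0, []
    u = lambda a, n: int.from_bytes(buf[a:a + n], "big")  # 0 if truncated
    while pos < len(buf):
        hdr = buf[pos]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        new = bool(hdr & 0x40)  # new-format vs old-format header
        if (hdr & 0x3F if new else (hdr >> 2) & 0x0F) != 1:
            break  # PKESK packets come before the encrypted data packet
        first, ltype = u(pos + 1, 1), hdr & 0x03
        if new and first < 192:
            length, pos = first, pos + 2
        elif new and first < 224:
            length, pos = ((first - 192) << 8) + u(pos + 2, 1) + 192, pos + 3
        elif new and first == 255:
            length, pos = u(pos + 2, 4), pos + 6
        elif not new and ltype < 3:
            length, pos = u(pos + 1, 1 << ltype), pos + 1 + (1 << ltype)
        else:
            raise ValueError("PKESK packet without a definite length")
        body = buf[pos:pos + length]
        if len(body) < max(length, 10) or body[0] != 3:
            raise ValueError("truncated or unsupported PKESK packet")
        ids.append(body[1:9].hex().upper())  # version, 8-byte key ID, algorithm
        pos += length
    return ids

def select_alias(data: bytes) -> str:
    """Return the alias for the first allowlisted recipient key, else reject."""
    for key_id in recipient_key_ids(data):
        if key_id in ALIAS_BY_KEY_ID:
            return ALIAS_BY_KEY_ID[key_id]
    raise LookupError("message is not encrypted to an allowlisted key")
```

A message whose session key packet carries an all-zero (hidden recipient) key ID matches no allowlist entry and is rejected by `select_alias`.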

Content type:

Enter the Content-Type of the unencrypted message data. Defaults to application/octet-stream.