PGP Sign

Overview

You can use the PGP Sign filter to digitally sign messages passing through the API Gateway pipeline. Messages signed on the API Gateway can be verified by the recipient by validating the signature using a public PGP key. Signed messages received at the API Gateway can be verified in the same manner. The PGP Sign filter supports the following signing methods:

Compressed: Compresses the message and creates a hash of the contents before signing. Because the message is contained in the signature, the signature can be used in place of the message. The typical use of this method produces a signature in printable ASCII form (ASCII Armor output). You can deselect this option to produce a binary signature.

Clear Signed: Clear signing a message leaves the message intact and adds the signature under the clear message text. This provides for optional verification of the message signature and contents. The output has a content type of application/pgp-signature.

Note: It is not possible to clear sign binary objects.

Detached Signature (MIME): Creates a multipart MIME document where the message remains in clear text and the signature is attached as a MIME part.


For an example use case, see the PGP Verify filter.

Configuration

Complete the following fields to configure this filter:

Name:

Enter an appropriate name for the filter.

PGP Private Key to be retrieved from one of the following locations:

Select how the private PGP key is retrieved to sign the message:

Use the following private key from the PGP Key Pair list: Click the browse button on the right, and select a PGP key pair configured in the Certificate Store. For details on configuring PGP key pairs, see the topic on Certificates and Keys.

Look up the private key using the following alias: Enter the alias name of the PGP private key used in the Certificate Store (for example, My PGP Test Key). Alternatively, you can enter a selector expression that specifies the name of a message attribute that contains the alias. The value of the selector is expanded at runtime (for example, ${my.pgp.test.key.alias}).

The following message attribute will contain the private key: Enter a selector expression that specifies the name of the message attribute that contains the private key. The value of the selector is expanded at runtime (for example, ${my.pgp.test.private.key}).


For more details on selectors, see Selecting Configuration Values at Runtime.

Signing Method:

Select the method used to create the digital signature for the message attachment:

Compressed: Creates a compressed signature. Because the message is contained in the signature, this signature is used in place of the message.

You can use the ASCII Armor Output setting to specify whether to output the binary message data as printable ASCII Armor text. This option is selected by default.

Clear signed: A clear signed message has the message intact and a signature attached under the clear message text. This is useful when the software reading the message does not understand the PGP structure, because it can still display the signed content, but without verifying the signature.

Detached signature (MIME): Creates a multipart MIME document where the message is in clear text and the signature is attached as a MIME part. Similar to clear signed, this is useful when the software reading the message does not understand the PGP structure.
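The three signing methods above (and the ASCII Armor Output setting) produce recognisably different output on the wire, which matters when a downstream filter or a recipient has to decide how to handle what the gateway emitted. The following is an added example, not code from the API Gateway product or its documentation: it walks the OpenPGP packet headers and ASCII Armor format defined in RFC 4880 to name the shape of a signed message, and it checks the armor CRC-24 so that a corrupted or edited armored block is rejected before any signature verification is attempted. All packet bytes and the clear-signed text are constructed samples with filler bodies; the code does not verify signatures, and the tag constants and function names are this example's own.

```python
"""Added example: recognise which PGP Sign output shape a message carries.

Illustrative code, not part of the API Gateway. It follows the OpenPGP packet
and ASCII Armor formats from RFC 4880 and uses constructed packet bytes whose
bodies are filler; it does not verify any signature.
"""
import base64

# RFC 4880 packet tags that appear in signed output
TAG_SIGNATURE = 2      # a signature packet (alone = detached signature)
TAG_ONE_PASS_SIG = 4   # precedes the literal data in an inline-signed message
TAG_COMPRESSED = 8     # compressed data packet wrapping message + signature
TAG_LITERAL = 11       # the message body itself

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1, used for the armor checksum line."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data: bytes, kind: str = "MESSAGE") -> str:
    """Wrap binary packets in printable ASCII Armor (what ASCII Armor Output produces)."""
    b64 = base64.b64encode(data).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    return "\n".join(
        [f"-----BEGIN PGP {kind}-----", ""] + lines + ["=" + crc, f"-----END PGP {kind}-----"]
    ) + "\n"


def dearmor(text: str) -> bytes:
    """Strip ASCII Armor and reject the block if its CRC-24 checksum does not match."""
    lines = text.strip().splitlines()
    if not (lines[0].startswith("-----BEGIN PGP ") and lines[-1].startswith("-----END PGP ")):
        raise ValueError("missing armor header or tail line")
    body = lines[1:-1]
    if "" in body:                      # drop armor headers such as "Version:"
        body = body[body.index("") + 1:]
    crc_line = body.pop() if body and body[-1].startswith("=") else None
    data = base64.b64decode("".join(body), validate=True)
    if crc_line is not None:
        expected = int.from_bytes(base64.b64decode(crc_line[1:]), "big")
        if crc24(data) != expected:
            raise ValueError("armor CRC-24 mismatch: block is corrupted or altered")
    return data


def packet_tags(data: bytes) -> list:
    """Walk the packet headers and return the tag of each top-level packet."""
    tags, i = [], 0
    while i < len(data):
        ptag = data[i]
        if not ptag & 0x80:
            raise ValueError(f"invalid packet tag byte at offset {i}")
        if ptag & 0x40:                 # new-format header (RFC 4880 4.2.2)
            tag, first = ptag & 0x3F, data[i + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + data[i + 2] + 192, 3
            elif first == 255:
                length, hdr = int.from_bytes(data[i + 2:i + 6], "big"), 6
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                           # old-format header (RFC 4880 4.2.1)
            tag, lentype = (ptag >> 2) & 0x0F, ptag & 0x03
            if lentype == 3:
                raise ValueError("indeterminate length is not handled here")
            n = (1, 2, 4)[lentype]
            length, hdr = int.from_bytes(data[i + 1:i + 1 + n], "big"), 1 + n
        tags.append(tag)
        i += hdr + length
    return tags


def classify(message) -> str:
    """Name the signing shape: clear-signed text, or compressed/inline/detached packets."""
    if isinstance(message, str):
        if message.startswith("-----BEGIN PGP SIGNED MESSAGE-----"):
            return "clear-signed"
        message = dearmor(message)
    tags = packet_tags(message)
    if tags[:1] == [TAG_COMPRESSED]:
        return "compressed"
    if tags == [TAG_SIGNATURE]:
        return "detached"
    if tags[:1] == [TAG_ONE_PASS_SIG] and TAG_LITERAL in tags and tags[-1] == TAG_SIGNATURE:
        return "inline-signed"
    return "unknown"


# Constructed sample packet streams (headers only; bodies are filler, not real signatures)
COMPRESSED = bytes([0xA0, 0x03, 0x01, 0x00, 0x00])            # old-format tag 8, 3-byte body
DETACHED = bytes([0xC2, 0x02, 0x04, 0x00])                    # new-format tag 2, 2-byte body
INLINE = bytes([0x90, 0x01, 0x03, 0xCB, 0x02, 0x62, 0x00, 0x88, 0x01, 0x04])  # tags 4, 11, 2
CLEAR_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nhello\n-----BEGIN PGP SIGNATURE-----\n"

if __name__ == "__main__":
    for name, sample in [("compressed", COMPRESSED), ("detached", DETACHED), ("inline", INLINE)]:
        print(name, "->", classify(sample), "| armored ->", classify(armor(sample)))
    print("clear-signed text ->", classify(CLEAR_SIGNED))
```

The compressed method's output is a single compressed-data packet with the message inside it, which is why the documentation says the signature can be used in place of the message; a detached MIME signature is a lone signature packet in its own MIME part; and a clear-signed message is plain text under a "BEGIN PGP SIGNED MESSAGE" header, which is what lets a PGP-unaware reader still display it. The CRC-24 check only detects accidental corruption or an inconsistent edit to the armor; authenticity still comes from verifying the signature with the sender's public key, as described under the PGP Verify filter.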