With the Encryption connector, you can use commands in a chain to encrypt or decrypt files or plaintext using Pretty Good Privacy (PGP) keys or X.509 certificates.
Learn more about Encryption commands.
Requirements
To set up the connector, you'll need:
- The PGP or X.509 public key file to use for encryption
- The public key's corresponding private key file for decryption
- The private key's password (if applicable)
File restrictions:
- Encrypted files are limited to 1 GB in size.
- When encrypting with an X.509 certificate, the maximum file size depends on the public key and hash function selected. Learn more about the Encrypt With X509 Certificate command.
- For PGP encryption, the connector supports Advanced Encryption Standard (AES)-128; for PGP decryption, it supports AES-128, AES-256, CAST-128 (CAST5), and Triple Data Encryption Standard (3DES).
Set up the Encryption connector
Note: To make the connector available for use in your organization's chains, an org security administrator must first enable it from Configuration.
- From Chain Builder, click Connections, and then Create at the top right.
- Under Connector Connection, select Encryption and the default CloudRunner.
- Under Basic Info, enter a unique name and description to help identify the connection.
- Under Resources, upload the public key and private key files.
- Under Properties, enter the connection's details:
Property | Details |
---|---|
PGP public key file | To encrypt with a PGP key, enter the filename of the public key file uploaded under Resources. |
PGP private key file | To decrypt PGP encryption, enter the filename of the private key file uploaded under Resources. |
PGP private key password | Enter the password created with the PGP private key file, if applicable. If no password was created, leave blank. |
X509 public key file | To encrypt with an X.509 certificate, enter the filename of the public key file uploaded under Resources. |
X509 private key file | To decrypt X.509 encryption, enter the filename of the private key uploaded under Resources. |
X509 private key password | Enter the password created with the X.509 private key file, if applicable. If no password was created, leave blank. |

Note: All sensitive credentials are automatically encrypted with AES-256 when stored.
- Select the environments to use the connection, and click Save.
- To test the connection, create and run a chain with the connector's Encrypt with PGP Key or Encrypt with X509 Certificate command, and verify it returns a valid output.
Troubleshooting
Error message | Cause | Resolution |
---|---|---|
Failure to encrypt or decrypt | | Verify the public and private key files entered under Properties match the files uploaded under Resources. Check the password entered for the private key file, if applicable. |
Value to encrypt is empty | This error is returned when an encryption key (or decryption key) is not specified and the encryption command (or decryption command) is being used. | Ensure that all documented steps for configuring the connector have been followed. |
File size is too large to encrypt with the current public key and hash function. | This error is returned when a file is too large to encrypt with the selected X.509 certificate and hash function. | This command is only intended for very small file sizes. Either reduce the file size, choose an alternate encryption method, or select a different hash function. |
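
The X.509 size limit under File restrictions and the "File size is too large" error above both depend on the key and hash function. The following pre-flight check is an added example, not the product's code. It assumes the command applies RSA-OAEP directly to the data, that 1 GB means 10^9 bytes, and that the hash choices are SHA-256, SHA-384 and SHA-512; none of these is stated on this page.

```python
import hashlib

# Assumptions (not stated on the page): the X.509 command applies RSA-OAEP
# directly to the data, "1 GB" means 10**9 bytes, and these are the hash choices.
PGP_MAX_BYTES = 10**9
HASH_CHOICES = ("sha256", "sha384", "sha512")


def oaep_max_bytes(rsa_bits: int, hash_name: str) -> int:
    """Largest plaintext RSA-OAEP accepts: k - 2*hLen - 2 bytes (RFC 8017, 7.1.1)."""
    k = (rsa_bits + 7) // 8                         # modulus length in bytes
    h_len = hashlib.new(hash_name).digest_size      # hash output length in bytes
    return max(k - 2 * h_len - 2, 0)                # 0 means the pair is unusable


def preflight(size_bytes: int, rsa_bits: int, hash_name: str) -> dict:
    """Check a payload against both limits before the chain runs."""
    limit = oaep_max_bytes(rsa_bits, hash_name)
    # Other hash choices under which the same payload would fit this key.
    other = [h for h in HASH_CHOICES
             if h != hash_name and size_bytes <= oaep_max_bytes(rsa_bits, h)]
    return {
        "x509_limit": limit,
        "x509_fits": size_bytes <= limit,
        "other_hashes_that_fit": other,
        "pgp_fits": size_bytes <= PGP_MAX_BYTES,
    }


if __name__ == "__main__":
    # Constructed cases: (payload bytes, RSA key bits, selected hash)
    for case in [(32, 2048, "sha256"), (150, 2048, "sha512"),
                 (4096, 4096, "sha256"), (2 * 10**9, 4096, "sha256")]:
        print(case, preflight(*case))
```

A payload that exceeds the X.509 limit for every hash but stays within the PGP limit is a candidate for the PGP command, in line with the resolution's advice to choose an alternate encryption method.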