Encryption Node

adnan512
Advanced Member
Posts: 24

    Hello All,

    I am trying to use the encryption node in IPA. We are a hosted client, so I had AMS create a public encryption key on the LMK server. Can someone help with what service name I need to select for "Service" in the encryption node for PGP?

    John Henley
    Posts: 3353
      AMS probably created the key pair in the SSOPV2 service (that appears to be their standard). You can verify using the rich client admin, and looking at the 'gen' space and security services management, etc. Drill down to the SSOPV2 service and if there are service properties for PGP public key and private key listed, then that is where the key is stored. You can't necessarily change them from rich client admin (you have to use secadm command line utility, which isn't available for AMS clients), but if they are there you will see them as properties, whereas if they aren't listed, then the key isn't stored with that service. Hopefully that will make sense. BTW, you can't test the encrypt/decrypt nodes via the IPA designer, since they have to run on the server. What I do to verify is to create a very simple flow with a string variable, encrypt it, then decrypt it, and send the variables back to myself via email. I upload that flow to the server and create a process trigger to run it.
      Thanks for using the LawsonGuru.com forums!
      John
      adnan512
      Advanced Member
      Posts: 24

        Thank you for your reply... I am going to look into rich client. However, I was able to encrypt and decrypt the file successfully. I typed the service name as SSOPV2 and it worked, and yes, I figured out that I had to load the flow to the server for it to work. Do I need to load the vendor's public key on LMK when I need to send them PGP encrypted data?

        David Williams
        Veteran Member
        Posts: 1127
          Yes, if you are receiving encrypted files then you need to load their PGP key into Landmark.
          David Williams
          adnan512
          Advanced Member
          Posts: 24

            Thanks David. Based on your response, if I am sending a 3rd party vendor a PGP encrypted file, then I need to load their public key into LMK to encrypt the file using their public key so that they can use their private key to decrypt the file.

            David Williams
            Veteran Member
            Posts: 1127
              No, if you are sending files then you need to generate the PGP encryption and they need to load your key into their system.
              David Williams
              John Henley
              Posts: 3353
                I am having an ongoing "argument" with AMS over how they handle the keys for hosted clients; IMO, AMS has it backwards; they want to set up keys for clients using the SSOPV2 service for encryption for the "outbound" files, while new named services are set up for 'inbound' files and the keys imported from whomever is sending the file. Which is backwards. It's the receiver that should generate the key pair, and provide the public key to the sender of the file. It's easy to encrypt and send a file to someone; the problem is that the recipient needs to be able to decrypt it in order to read it. If I use the same key pair using the SSOPV2 service to encrypt files that I give to different parties, that means that multiple parties have the same public key. Would appreciate opinions or feedback ...
                Thanks for using the LawsonGuru.com forums!
                John
                adnan512
                Advanced Member
                Posts: 24
                  John, you are correct. I actually did a test with the key pair that AMS generated. I downloaded the public key to my local computer to encrypt a test file. I was then able to upload the file to the LMK server and decrypt it using the private key that already existed on the server.

                  Files going to a 3rd party vendor ---> vendor generates the key pair and provides the public key to a client to be loaded on LMK.
                  File coming from 3rd party vendor ----> client provides the public key to 3rd party for encryption.
                  John Henley
                  Posts: 3353
                    Thanks for that. I did verify and demonstrated why it was backwards; they fixed their process.
                    Thanks for using the LawsonGuru.com forums!
                    John
                    JD
                    Basic Member
                    Posts: 5
                      I am trying to use the encrypt node in IPA for some of our external vendor interfaces, and I only need to know how to pgp encrypt files with vendors' public keys -- but I have multiple vendors each with their own .asc public key file I am required to use. From this chain, it seems there is a secadm step that I need some details on to get started, and then, I am still confused about the encrypt node properties as I don't see where I would tell it which public key I want to use for the particular vendor interface I am working on. Any guidance is appreciated -- the more detailed the better!
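
Added example, not part of any post above and not IPA or secadm syntax: the key direction John and adnan512 settled on (the receiver generates the pair, the sender encrypts with the receiver's public key), with one .asc file per vendor, shown using stock GnuPG. The keyring names, addresses and file contents are constructed, and it assumes GnuPG 2.2.8 or later on the PATH.

```bash
#!/usr/bin/env bash
# Added example: stock GnuPG only; names, addresses and file contents are constructed.
set -u
WORK=$(mktemp -d)
cleanup() {
  for h in client vendor_a vendor_b; do
    gpgconf --homedir "$WORK/$h" --kill gpg-agent 2>/dev/null
  done
  rm -rf "$WORK"
}
trap cleanup EXIT

# One keyring directory per party, standing in for separate systems.
g() { local h=$1; shift; gpg --homedir "$WORK/$h" --batch --quiet --no-tty "$@"; }

# Receiver: generates the key pair and exports only the public half as <name>.asc.
make_vendor() {   # $1 = keyring name, $2 = email
  mkdir -m 700 "$WORK/$1"
  g "$1" --pinentry-mode loopback --passphrase '' \
     --quick-generate-key "$1 <$2>" default default never
  g "$1" --armor --export "$2" > "$WORK/$1.asc"
}

# Sender: reads the fingerprint from the vendor's .asc and encrypts to that exact key.
encrypt_for() {   # $1 = vendor .asc, $2 = plaintext file, $3 = output file
  local fpr
  fpr=$(g client --with-colons --show-keys "$1" |
        awk -F: '$1 == "fpr" { print $10; exit }')
  g client --import "$1"
  g client --yes --trust-model always --armor \
     --recipient "$fpr" --output "$3" --encrypt "$2"
}

# Succeeds only if the named keyring holds the matching private key.
can_decrypt() {   # $1 = keyring name, $2 = ciphertext
  g "$1" --pinentry-mode loopback --passphrase '' --decrypt "$2" >/dev/null 2>&1
}

mkdir -m 700 "$WORK/client"
make_vendor vendor_a a@example.test
make_vendor vendor_b b@example.test
g client --import "$WORK/vendor_b.asc"   # sender holds both vendors' public keys
echo "constructed test extract" > "$WORK/out.txt"
encrypt_for "$WORK/vendor_a.asc" "$WORK/out.txt" "$WORK/out_a.asc"
for who in vendor_a vendor_b client; do
  if can_decrypt "$who" "$WORK/out_a.asc"; then echo "$who: decrypts"
  else echo "$who: cannot decrypt"; fi
done
```

Only the vendor_a keyring decrypts the file; the sender, holding nothing but public keys, cannot read back what it encrypted, and neither can the other vendor.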