Before we can use any encryption or decryption, we need a tool that can generate public and private keys and perform the appropriate encryption or decryption of the file. We have made use of the Java-based open source tool Portable PGP (http://ppgp.sourceforge.net/), but there are plenty of other tools available. Once you have chosen a tool, we need a public and private key. The tool you select should provide guidance on how to create the keys if you need any help.
With the key files ready, to make the process quick let's clone MoveAirportsFiles_Ch9, as we have done in previous chapters, using the following details:
| Property | Value |
|---|---|
| Integration Name | |
| Identifier | This will be proposed based on the connection name and there is no need to change unless you would like an alternate name. |
| Version | 01.00.0000 |
| Package Name | |
| Description | |
With the integration cloned, we can edit the target (Invoke) FTP adapter. On the first tab, we have a tick box available for encryption; this needs to be set now. This will then display an additional tick box asking What security mode do you want to employ? As our content is presently unencrypted, select Encrypt. If we try to move to the next page now, using the Next button, we will be presented with the following error:
This means we need to go back to our connections to provide additional information, so close the dialog with the OK button, then leave the dialog with the Cancel button, leaving the integration unchanged.
Navigate over to the connections list. Rather than changing the connection that is working with our first integration, we should do the same thing as the integration and, using the menu, Clone the connection, using the following details:
| Property | Value |
|---|---|
| Connection Name | |
| Identifier | This will be proposed based on the connection name and there is no need to change unless you would like an alternate name. |
| Description | |
This time, click on the Configure Security button and use the following values to complete the form:
| Property | Value |
|---|---|
| Security Policy | As we have elected to use FTP, the only drop-down option is FTP Server Access Policy. |
| User name | The username for the FTP site, the same as used in the FTP client to connect. |
| Password | This is the FTP site password, which was also used in the FTP client. |
| Confirm Password | Repeat the password provided in the Password field. |
| SSL Certificate Password | Leave blank. |
| Confirm SSL Certificate Password | Leave blank. |
| PGP Public Key | Set this check box. This will provide an Upload button. Click on this and in the File Section dialog supply the public key created earlier. |
| Encryption Format | Set this to True. |
| Cipher algorithm | This field allows you to choose one of several encryption algorithms, including CAST5, 3DES, AES128, AES192 and AES256. Provide the value |
| PGP Private Key | Leave unset. |
| Confirm PGP Private Key Password | Leave unset. |
The screen will look like the following:
We can complete the dialog by clicking on the OK button, then using the Test and Save buttons on the connection. Finally, exit the connection.
With these details provided, we should return to the Integrations view and edit the MoveAirportsFiles_Ch9_2 integration again. Within the integration, we should delete the invoke end of the integration from the palette and add the new connection (AirportData_Ch9_2) instead.
| Tab | Question | Action |
|---|---|---|
| Basic Info | What do you want to call your endpoint? | As with all our other examples, we are keeping things simple with |
| | What does this endpoint do? | |
| | Do you want to define a schema for this end point? | As we are only moving files from one location to another we can set this to No. |
| | Do you want to enable PGP security? | We can encrypt the file using PGP (Pretty Good Privacy). We will look a bit at PGP later in the chapter, so for now let's set this to Yes. |
| | What security mode do you want to employ? | As a result of saying yes to the prior question, this option is then displayed. Select Encrypt. |
| Configure File Write | Select a Transfer Mode | Set this to ASCII as we will be moving CSV files. |
| | Specify an Output Directory | Set the target to |
| | Specify a File Name Pattern | It is possible to define a file naming pattern, so that the name can include information such as a sequence number, or a timestamp. To illustrate this we can change the filename to be |
| | Append to Existing File | Leave unticked as we want to have the same number of files in the target location as in the original source; it will make it easier to spot that the changes are working. |
By clicking the Done button, this time we have successfully established the FTP invoke which will encrypt the files.
You may remember the earlier error mentioning details such as ASCII Armor; this comes into play when handling binary files using Base64 encoding.
ASCII Armor means that the encrypted outcome can be represented using Base64. This means care needs to be taken when retrieving the file to decrypt, as the content will be binary. More information about PGP encryption and ASCII Armor can be seen at https://tools.ietf.org/html/rfc4880
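The ASCII Armor framing described above can be checked on a retrieved file before it is handed to the decryption tool. The following Python code is an added example, not code from the book or from the integration product: it implements the RFC 4880 armor layout (Base64 body plus a CRC-24 line) and models why armored output tolerates the line-ending rewrite of an ASCII-mode transfer while raw binary output does not. The function names and the `SAMPLE` bytes are constructed for illustration.

```python
import base64
import binascii

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # constants from RFC 4880, section 6.1

def crc24(data: bytes) -> int:
    """CRC-24 used for the armor checksum line."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(payload: bytes, kind: str = "MESSAGE") -> str:
    """Wrap binary data in ASCII Armor: Base64 body plus '=' CRC line."""
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP {kind}-----\n\n{body}\n={crc}\n-----END PGP {kind}-----\n"

def dearmor(text: str) -> bytes:
    """Return the payload; raise ValueError on bad framing or checksum (CRC line required here)."""
    lines = [ln.strip() for ln in text.splitlines()]
    try:
        begin = next(i for i, ln in enumerate(lines) if ln.startswith("-----BEGIN PGP "))
        end = next(i for i, ln in enumerate(lines) if ln.startswith("-----END PGP "))
        blank = lines.index("", begin)  # a blank line ends the armor headers
    except (StopIteration, ValueError):
        raise ValueError("not an ASCII-armored OpenPGP block") from None
    body = [ln for ln in lines[blank + 1:end] if ln]
    if not body or len(body[-1]) != 5 or not body[-1].startswith("="):
        raise ValueError("missing CRC-24 line")
    try:
        payload = base64.b64decode("".join(body[:-1]), validate=True)
        expected = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
    except binascii.Error:
        raise ValueError("corrupt Base64 in armor body") from None
    if crc24(payload) != expected:
        raise ValueError("CRC-24 mismatch: content changed in transit")
    return payload

def ftp_ascii_mode(data: bytes) -> bytes:
    """Model the LF -> CRLF rewrite an ASCII-mode transfer can apply."""
    return data.replace(b"\n", b"\r\n")

SAMPLE = bytes(range(256)) * 2  # constructed bytes standing in for binary PGP output
```

Running `dearmor` on a file that is still plain CSV raises `ValueError`, which makes it a quick check that the integration really wrote encrypted, armored output.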
When the integration executes, using our FTP tool we should be able to find a new movedEncrypted%SEQ%.csv file in the target folder (you may need to force it to refresh its view of the server file system). If you examine the innards of the file, the content will be completely garbled as it is now encrypted. Retrieve the file from the FTP server and use a PGP decryption tool to decode the content (depending on the tool, you may need to provide the keys generated). When the file is decrypted, you should now be able to see the contents as a CSV file representing the information from the original CSV file used. We will not go through the process of creating an integration that uses the decrypt, as the process will essentially be the same: providing the appropriate key file and related credentials. Priming the test would mean encrypting a CSV file and then uploading it.