PGP Encrypt

Description

The goal of the encrypt & sign / decrypt & verify process for a document is:

  1. The sender is sure that only the recipient can decrypt it.
  2. The recipient can authenticate the document as coming from the sender, which is also the signer.

Note: The signature is optional because a document can be encrypted without a signature. In such a case, there is no verification step.

An overview of the process is shown below:

[Figure: PGP overall process]

The PGP Encrypt action implements the left part of the process above. It allows a flow to perform a PGP encryption on a string of plaintext. There is also the option to add a signature for additional authentication.

[Figure: PGP Encrypt basic configuration]

Usage

The PGP Encrypt action converts plaintext to ciphertext, always encasing it in an ASCII armor so it can be sent through standard messaging, for example, email. This makes it possible to send data securely to third-party services.

  1. Insert plaintext data inside file content (you can also insert data referring to a previous step by clicking the [+] Add button).
  2. Insert a public RSA/PGP key of choice (received from a third-party service or one that you have generated).
  3. Select the cipher algorithm of choice (CAST5, BLOWFISH or AES-256).

Supported Keys

Extension Kit supports both RSA and PGP keys for both encrypting and signing. Note that the key content is shortened for documentation purposes.

Keys must be used exactly as they were generated. Do not modify them in any way, because a modified key is faulty.

Example of Public RSA key:

-----BEGIN PUBLIC KEY-----
j+TgseJangU6imik5mL0qYg9523FcukXfS9MH+qgisF1DotW1C9BADUKd0okqWUZ [...]
-----END PUBLIC KEY-----

Example of Private RSA key:

-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAkx8U2Yv7KUQbzspGzcNv/s8SY168tVK55HjG/lKDaBi0SWPi [...]
-----END RSA PRIVATE KEY-----

Example of Public PGP key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Keybase OpenPGP v1.0.0
Comment: https://keybase.io/crypto

xsFNBGMz9zABEADLYAjUH0+kZQtjMuDcZ3r4+IarVQRT+4+nFgMOZd1T+Laomz24 [...]

-----END PGP PUBLIC KEY BLOCK-----

Example of Private PGP key:

-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: Keybase OpenPGP v1.0.0
Comment: https://keybase.io/crypto

xcaGBGMz9zABEADLYAjUH0+kZQtjMuDcZ3r4+IarVQRT+4+nFgMOZd1T+Laomz24 [...]

-----END PGP PRIVATE KEY BLOCK-----

Note: The type of key being used is automatically determined by the system. User action is not required.
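The four key formats shown above differ in their BEGIN/END label, and a PGP block normally ends with a CRC24 checksum line that exposes an edited body. The pre-flight check below is an added example, not Extension Kit's own code: `KINDS`, `armor` and `inspect_key` are hypothetical names, the sample blocks are constructed from arbitrary bytes, and how the product itself detects the key type is not documented on this page.

```python
import base64
import re

KINDS = {  # armor labels from the key examples on this page
    "PUBLIC KEY": ("RSA", "public"),
    "RSA PRIVATE KEY": ("RSA", "private"),
    "PGP PUBLIC KEY BLOCK": ("PGP", "public"),
    "PGP PRIVATE KEY BLOCK": ("PGP", "private"),
}

def crc24(data: bytes) -> int:
    crc = 0xB704CE  # OpenPGP armor checksum, RFC 4880 section 6.1
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(label: str, raw: bytes) -> str:
    """Build a constructed sample block (raw is arbitrary bytes, not a real key)."""
    body = base64.b64encode(raw).decode()
    if label.startswith("PGP"):
        check = base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()
        body = f"Comment: constructed sample\n\n{body}\n={check}"
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def inspect_key(text: str) -> tuple:
    """Return (family, role) for an intact key block, else raise ValueError."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    m = re.fullmatch(r"-----BEGIN (.+)-----", lines[0]) if lines else None
    if not m or m.group(1) not in KINDS:
        raise ValueError("unrecognised or damaged BEGIN line")
    label = m.group(1)
    if lines[-1] != f"-----END {label}-----":
        raise ValueError("END line missing or not matching BEGIN line")
    body, check = lines[1:-1], None
    if label.startswith("PGP"):
        if "" in body:  # armor headers (Version:, Comment:) end at a blank line
            body = body[body.index("") + 1:]
        body = [ln for ln in body if ln]
        if body and len(body[-1]) == 5 and body[-1].startswith("="):
            check = body.pop()[1:]
    raw = base64.b64decode("".join(body), validate=True)  # bad base64 raises a ValueError subclass
    if not raw:
        raise ValueError("empty key body")
    if check is not None and int.from_bytes(base64.b64decode(check), "big") != crc24(raw):
        raise ValueError("CRC24 mismatch: key body was modified")
    return KINDS[label]
```

RSA PEM blocks carry no armor checksum, so for them only the BEGIN/END pairing and the base64 encoding are checked.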

Note: The document is also compressed with the basic ZIP algorithm before being encrypted. For example, encrypting a large 20MB XML file produces a 2.5MB PGP message.

Signature (optional)

The signature authenticates the user. Both RSA and PGP keys are supported for signing.

[Figure: PGP Encrypt signature]

  1. Select one of the provided hash algorithms (MD2, MD5, RIPE-MD/160, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512).
  2. Optionally select the Encrypt and sign in one pass checkbox if you want to encrypt and sign the document in one pass. If unchecked, encryption and signing proceed in two passes: first the document is signed, then the signed document is encrypted.
  3. Insert a matching Signature private key and Signature public key.
  4. If the Signature private key is protected by a passphrase (protection is optional), you must provide the passphrase.