Use IPA/Flow to encrypt data by calling Symantec PGP

We have several flows that creates data output files and now we need to encrypt them first using PGP before FTP. Do we need the PGP in the Landmark servers? How do you call the PGP command in the flows?

Thanks,

Jude

Find more posts tagged with

Process Automation (IPA) - General Discussions

Accepted answers

All comments

jason-vance

Hello Jude

You will use the Encrypt node for file encryption. This requires the public key from the owner of the key pair to be uploaded to a Security service you select, this service will be defined in the Encrypt node Service Name field. The Encryption type of PGP is supported. The encrypted file will be renamed <FileName>_encrypted

Legacy Contributor

We installed GNuPG on our Landmark server and use that to encrypt so I assume you could install PGP . We use an Assign node to execute a bat file that has the commands in it below. The file name changes every day so we recreate it.

C:

cd Program Files (x86)GNUGnuPGpub

gpg --trust-model "always" --recipient "<SomeRecipient>" --batch --yes --output "D:HRSD_obHurley_MC_Onboard_20181030000008.txt.gpg" --encrypt "D:HRSD_obHurley_MC_Onboard_20181030000008.txt"

chris-mccullough

Jude, I have a few flows that use the PGP encryption node - works great! I just read the article in the InfoCenter on how to do it and it was pretty easy. Nothing to install (3rd party) or anything. The steps are all there. You will need access to the Landmark command line for secadm -m. This is how you upload the PGP key. Check out the InfoCenter and look up "Managing PGP Key Pairs" as well as the articles for the PGP nodes. Hope this helps.

Legacy Contributor

Thank you all

Legacy Contributor

Hi, I am trying to do the similar thing to encrypt the file with PGP encryption and could not find the article that you mentioned. Do you still have the link to it, can you please share? Thanks in advance.

russel-cornelson

Infor moved documentation to https://docs.infor.com; the documentation you are looking for should be in:
https://docs.infor.com/en-us/lmrk/11.0.x

From there you can pick Unix/Windows version.

When that loads you can search for "Managing PGP" in the top right corner; it should lead you to the documentation you are looking for.

This thread is 2 years old:
1. You can now create pgp key pairs, or download the public key from the Web UI; command line not required but that option still works as well

Additional Tips/Notes in case anyone is interested.

- PGP Encryption requires two keys; a public key and a private key.
- public key can be used to encrypt data
- private key can be used to decrypt data

- Landmark Technology stores the keys in Security Services
- You should have 1 security service that contains your PGP Key Pair (public & private key)
- You should download the public key from this service and provide it to any vendor who you want to receive encrypted files from.

- You should have 1 security service, per vendor, that you want to send encrypted files to.
- The vendor will provide you with their public key; which you should load into the service.

-You should follow a naming convention for your security services to make them more manageable
- PGP_YOURCOMPANY_PRIVATE for example to store your companies private key
- PGP_VENDOR_PUBLIC for example to store the public keys from vendors you interface with.

- You can additionally Encrypt>Sign a file
- To sign a file you need another private key which requires another security service
PGP_YOURCOMPANY_SIGNATURE; generate key pair.
- In this case you "Encrypt" the file with the vendors public key; then sign it with your private key, and send the public signature key to vendor.

- Current limitation: Landmark/IPA currently limited to "Encrypt" or "Encrypt then sign encrypted file"; additional options coming in future CU will allow you to "Encrypt", "Sign", "Encrypt then sign" or "Sign then Encrypt"
**** Some vendors may require a file to be "signed then encrypted"

- MT Customers: Infor Process Automation encrypting a file could cause your vendor to receive decryption error messages if they have MDC enabled. MDC, or modification detection code; detects if the originally encrypted file has been changed. Current MT architecture IPA is taking a copy of the original file; and encrypting the copy, then renaming the encrypted file which trips MDC on systems where its enabled. A defect is logged for this issue and a fix will be coming in a future CU.

Legacy Contributor

Thank you very much for the info.

Copyright © 2025 Infor. All rights reserved.