
Usage of various pgp commands

Recently I got a request from a bank to which the customer transmits some of its files. The bank was upgrading and changing its target server, and hence we needed to accommodate certain changes on our side and test them before the same is done in the production environment.

Command to list the existing Key IDs on the keyring


appluser.DEV.pdc-xyz-ibm> /usr/local/bin/pgp -kv
Pretty Good Privacy(tm) Version 6.5.8
(c) 1999 Network Associates Inc.
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Export of this software may be restricted by the U.S. government.
Type bits      keyID      Date       User ID
RSA  1024      ********** 2009/07/02 *** DEFAULT SIGNING KEY ***
                                     XY_ABCBANK_TEST
RSA  1024      ********** 2009/07/06 abc pqr <abc.pqr@domain.com>
RSA  2048/2048 ********** 2012/02/21 expires 2014/05/01
                                      File_Transfer_Services <connectivity.services.engineering@abc.com>
RSA  2048/2048 ********** 2009/03/04 *** KEY EXPIRED ***
                                      ABCBANK_ECS_QA_2011 <connectivity.services.engineering@abc.com>
4 matching keys found.
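
The listing above already holds one expired key and one key with an expiry date. The following is an added example, not part of the original post: a shell function that reads a listing in this layout and reports keys that are expired or expire before a chosen date. The sample listing, key IDs and user IDs are constructed.

```shell
#!/bin/sh
# key_expiry_report TODAY SOON   (dates as YYYY/MM/DD, key listing on stdin)
# Prints "STATUS<TAB>userid" for every key that is expired or that
# expires on or before SOON. YYYY/MM/DD dates compare correctly as strings.
key_expiry_report() {
    awk -v today="$1" -v soon="$2" '
        function emit() { if (status != "") print status "\t" uid; status = "" }
        /^(RSA|DSS|DH) / {                 # a line that starts a new key
            emit(); uid = ""
            if ($0 ~ /KEY EXPIRED/) status = "EXPIRED"
            else if (match($0, /expires [0-9][0-9][0-9][0-9].[0-9][0-9].[0-9][0-9]/)) {
                d = substr($0, RSTART + 8, 10)
                status = (d < today) ? "EXPIRED" : ((d <= soon) ? ("EXPIRING " d) : "")
            }
            next
        }
        # the user ID of a flagged key sits on the indented line that follows
        /^ +[^ ]/ && status != "" && uid == "" { sub(/^ +/, ""); uid = $0 }
        END { emit() }
    '
}

# Constructed sample in the layout shown above; not real keys.
SAMPLE_LISTING='Type bits      keyID      Date       User ID
RSA  1024      0x00000001 2009/07/02 *** DEFAULT SIGNING KEY ***
                                     OUR_SIGNING_KEY
RSA  2048/2048 0x00000002 2012/02/21 expires 2014/05/01
                                      Bank_Transfer_Key <ops@example.test>
RSA  2048/2048 0x00000003 2009/03/04 *** KEY EXPIRED ***
                                      Bank_Old_Key <ops@example.test>
3 matching keys found.'

# Demo run with constructed dates; in practice pipe in the output of pgp -kv.
printf '%s\n' "$SAMPLE_LISTING" | key_expiry_report 2014/03/15 2014/06/15
```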

The bank sends the new public key from its TEST/QA server so that point-to-point testing can be done from our DEV/QA server to the bank's DEV/QA server.

Once the new public key is received, it needs to be added to the keyring using the command below


/usr/local/bin/pgp -ka <BANK_PUBLIC_KEY.ASC>
Pretty Good Privacy(tm) Version 6.5.8
(c) 1999 Network Associates Inc.
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Export of this software may be restricted by the U.S. government.
Looking for new keys...
RSA  2048/2048 ************ 2012/02/21 File_Transfer_Services <connectivity.services.engineering@abc.com>
sig?           ************             (Unknown signator, can't be checked)

keyfile contains 1 new keys. Add these keys to keyring ? (Y/n) Y
New userid: "File_Transfer_Services <connectivity.services.engineering@abc.com>".
New signature from keyID ********* on userid File_Transfer_Services <connectivity.services.engineering@abc.com>

Keyfile contains:
   1 new key(s)
   1 new signatures(s)
   1 new user ID(s)
Summary of changes :

New userid: "File_Transfer_Services <connectivity.services.engineering@abc.com>".
New signature from keyID ********** on userid File_Transfer_Services <connectivity.services.engineering@abc.com>

Added :
   1 new key(s)
   1 new signatures(s)
   1 new user ID(s)

Command to extract the key for the user XY_ABCBANK_TEST (copies the ID's key from the keyring to a keyfile)

XY_ABCBANK_TEST is the user ID signing the encrypted file


/usr/local/bin/pgp -kx XY_ABCBANK_TEST /tmp/pgp_key_XY_Nov2013.asc

The following warning message appears while encrypting and signing the file


Key for user ID: File_Transfer_Services <connectivity.services.engineering@abc.com>
2048-bit RSA key, Key ID ******, created 2012/02/21, expires 2014/05/01
WARNING:  Because this public key is not certified with a trusted
signature, it is not known with high confidence that this public key
actually belongs to: "File_Transfer_Services <connectivity.services.engineering@abc.com>".

To clear this warning, we need to sign the public key received from the third party with our own secret key on the keyring

pgp -ks <HER_USERID> [-u <YOUR_USERID>] [keyring]


appluser.DEV.pdc-xyz-ibm> pgp -ks File_Transfer_Services -u XY_ABCBANK_TEST_2013
Pretty Good Privacy(tm) Version 6.5.8
(c) 1999 Network Associates Inc.
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Export of this software may be restricted by the U.S. government.
Key for user ID: File_Transfer_Services <connectivity.services.engineering@abc.com>
2048-bit RSA key, Key ID ***********, created 2012/02/21, expires 2014/05/01
          Key fingerprint =  XY PQ 86 14 PO E9 9F 11  9Q E7 2G 80 69 75 U8 37  F6 8S 7C C3
READ CAREFULLY:  Based on your own direct first-hand knowledge, are
you absolutely certain that you are prepared to solemnly certify that
the above public key actually belongs to the user specified by the
above user ID (y/N)? y

You need a pass phrase to unlock your secret key.
Key for user ID "XY_ABCBANK_TEST_2013"
Key does not have a passphrase.

Attach a regular expression to this signature, or
press enter for none:
appluser.DEV.pdc-xyz-ibm>
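
The certification prompt above asks for first-hand knowledge that the key belongs to the bank; in practice that means comparing the printed fingerprint with one the bank supplies over a separate channel before answering y. The following is an added example, not part of the original post, that does the comparison on the text PGP prints. The sample output, e-mail address and fingerprint are constructed, and the usage comment assumes the PGP 6.5.x fingerprint listing option -kvc.

```shell
#!/bin/sh
# Compare the fingerprint PGP prints with the value received from the
# key owner out of band, before certifying the key with pgp -ks.

# Normalise a fingerprint: drop whitespace, upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'a-f' 'A-F'
}

# Read PGP output on stdin and print the first fingerprint found.
extract_fpr() {
    sed -n 's/^.*Key fingerprint *= *//p' | head -n 1
}

# fingerprint_matches EXPECTED   (PGP output on stdin)
# Succeeds only when a fingerprint is present and equals EXPECTED;
# missing output or an empty EXPECTED counts as a mismatch.
fingerprint_matches() {
    expected=$(normalize_fpr "$1")
    found=$(normalize_fpr "$(extract_fpr)")
    [ -n "$found" ] && [ -n "$expected" ] && [ "$found" = "$expected" ]
}

# Constructed sample in the layout PGP 6.5.8 prints; not a real key.
SAMPLE_OUTPUT='Key for user ID: File_Transfer_Services <ops@example.test>
2048-bit RSA key, Key ID 0x00000000, created 2012/02/21, expires 2014/05/01
          Key fingerprint =  0A 1B 2C 3D 4E 5F 60 71  82 93 A4 B5 C6 D7 E8 F9  01 23 45 67'

# Constructed value standing in for the fingerprint read out by the bank.
EXPECTED='0a1b 2c3d 4e5f 6071 8293 a4b5 c6d7 e8f9 0123 4567'

# Real use (assumed option): pgp -kvc File_Transfer_Services | fingerprint_matches "$EXPECTED"
if printf '%s\n' "$SAMPLE_OUTPUT" | fingerprint_matches "$EXPECTED"; then
    echo "fingerprint matches: key can be certified with pgp -ks"
else
    echo "fingerprint MISMATCH: do not certify this key"
fi
```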

Reference URLs for summaries of other PGP commands

http://www.dsj.net/pgp/pgphelp.html

http://www.cs.wm.edu/pgp.html

-Anand
