PGP Sign


Overview

This Snap enables you to use PGP to sign a file digitally without encrypting the file.

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is popularly used to digitally sign, encrypt, or decrypt email messages or files being transferred over the Internet.

Overview of settings with example values


Snap Type

The PGP Sign Snap is a Transform-type Snap that allows binary data to be signed using PGP.

Prerequisites

This Snap requires an existing valid PGP Private Key account.

This Snap uses an account reference, created on the Accounts page of SnapLogic Manager, called the PGP Public Key Account, which stores the public key used for encryption. See Configuring Binary Accounts for information on setting up this type of account.

When setting up the account, enter your public PGP key. The credentials setup will automatically encrypt the message.

For signed encryption, this Snap uses an account reference, created on the Accounts page of SnapLogic Manager, called the PGP Private Key Account, which stores the public and private keys used for signed encryption. See Configuring Binary Accounts for information on setting up this type of account.

When setting up the PGP Private Key account, enter your public and private PGP keys. The credentials setup will automatically encrypt and sign the message.

Support for Ultra Pipelines

Works in Ultra Pipelines.

Limitations and Known Issues

The Snap might fail while processing very large signed files. 

Snap Views

Input

  • Format: Binary

  • Number of Views: Min: 0, Max: 1

  • Examples of Upstream and Downstream Snaps: File Reader, Binary Copy, Document to Binary

  • Description: This Snap has exactly one binary input view. Each input document contains the file to be signed. Upstream Snaps can be any Snap that produces binary data in the output view, such as File Writer or Decompress.

Output

  • Format: Binary

  • Number of Views: Min: 0, Max: 1

  • Examples of Upstream and Downstream Snaps: File Writer, Binary to Document

  • Description: This Snap has exactly one binary output view. Each output document contains the signature file or the signed, compressed file. Downstream Snaps can be any Snap that accepts binary data in the input view, such as File Writer or Decompress.

Error

Error handling is a generic way to handle errors without losing data or failing the Snap execution. You can handle the errors that the Snap might encounter when running the pipeline by choosing one of the following options from the When errors occur list under the Views tab:

  • Stop Pipeline Execution: Stops the current pipeline execution if the Snap encounters an error.

  • Discard Error Data and Continue: Ignores the error, discards that record, and continues with the remaining records.

  • Route Error Data to Error View: Routes the error data to an error view without stopping the Snap execution.

Learn more about Handling Errors with an Error Pipeline.

Snap Settings

  • Asterisk ( * ): Indicates a mandatory field.

  • Suggestion icon (): Indicates a list that is dynamically populated based on the configuration.

  • Expression icon ( ): Indicates the value is an expression (if enabled) or a static value (if disabled). Learn more about Using Expressions in SnapLogic.

  • Add icon ( ): Indicates that you can add fields in the field set.

  • Remove icon ( ): Indicates that you can remove fields from the field set.

  • Upload icon ( ): Indicates that you can upload files.

Label

  • Field Type: String

  • Default Value: PGP Sign

  • Example: PGP Sign - MyDoc

Specify the name for the Snap. You can modify this to be more specific, especially if you have more than one of the same Snap in your pipeline.

Signature Algorithm

  • Field Type: Dropdown list

  • Default Value: SHA1

  • Example: SHA224

Specify the algorithm to use for the signature.

This is the signature algorithm that is used for the actual signature that is being made. Most systems default to SHA1, but other SHA algorithms can be used.

Use detach sign

  • Field Type: Checkbox

  • Default Value: Not selected

When selected, the Snap provides only the detached signature of the signing process. This is the equivalent of running with --detach-sign using the gpg utility. When unselected, it is the equivalent of running with --sign using the gpg utility.

Rather than having the compressed input data and signature in a single binary document, this option provides only the signature of the file as the only output. If you need access to the raw input binary file, use a Binary Copy Snap prior to the PGP Sign Snap and leave this checkbox unselected.

Use armor output

  • Field Type: Checkbox

  • Default Value: Not selected

When selected, the output is base64-encoded with a header and footer rather than the binary data.

This is the equivalent of running the GnuPG gpg command with --armor, which provides the output in a more structured format with a header, footer, and the data in between as base64-encoded.

Snap Execution

  • Field Type: Dropdown list

  • Default Value: Validate & Execute

  • Example: Execute only

Select one of the three modes in which the Snap executes. Available options are:

  • Validate & Execute: Performs limited execution of the Snap, and generates a data preview during Pipeline validation. Subsequently, performs full execution of the Snap (unlimited records) during Pipeline runtime.

  • Execute only: Performs full execution of the Snap during Pipeline execution without generating preview data.

  • Disabled: Disables the Snap and all Snaps that are downstream from it.
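
The Signature Algorithm, Use detach sign, and Use armor output settings all show up in the bytes the Snap emits. As an added example (not SnapLogic code), the following Python parser reads the digest algorithm recorded in a detached OpenPGP signature, armored or binary, so a downstream check can flag output signed with the SHA1 default. The WEAK policy set and the sample bytes are assumptions constructed for illustration.

```python
import base64

# Hash algorithm IDs from RFC 4880, section 9.4.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK = {"MD5", "SHA1", "RIPEMD160"}  # assumed local policy, adjust as needed

def dearmor(data: bytes) -> bytes:
    """Strip ASCII armor if present; binary input passes through."""
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data
    body, in_body = [], False
    for line in data.decode("ascii").strip().splitlines()[1:]:
        line = line.strip()
        if line.startswith("-----END") or (in_body and line.startswith("=")):
            break                      # footer or CRC24 line
        if in_body:
            body.append(line)
        else:
            in_body = line == ""       # blank line ends the armor headers
    return base64.b64decode("".join(body))

def signature_hash(data: bytes) -> str:
    """Return the digest name recorded in a detached signature packet."""
    pkt = dearmor(data)
    first = pkt[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    new_format = bool(first & 0x40)
    tag = first & 0x3F if new_format else (first >> 2) & 0x0F
    if tag != 2:                       # e.g. tag 8 for non-detached output
        raise ValueError(f"first packet has tag {tag}, not a detached signature")
    if new_format:                     # signatures never use partial lengths
        hdr = 2 if pkt[1] < 192 else 3 if pkt[1] < 224 else 6
    else:                              # old format: 1, 2 or 4 length octets
        hdr = 1 + (1, 2, 4, 0)[first & 0x03]
    body = pkt[hdr:]
    if body[0] not in (3, 4):
        raise ValueError(f"unsupported signature version {body[0]}")
    algo = body[3] if body[0] == 4 else body[16]
    return HASH_NAMES.get(algo, f"unknown({algo})")

def is_weak(data: bytes) -> bool:
    return signature_hash(data) in WEAK

# Constructed samples: fixed header fields only, not verifiable signatures.
BINARY_SHA1 = bytes([0x89, 0x00, 0x06, 4, 0x00, 1, 2, 0, 0])
ARMORED_SHA256 = (b"-----BEGIN PGP SIGNATURE-----\n\n" + base64.b64encode(
    bytes([0xC2, 0x06, 4, 0x00, 1, 8, 0, 0])) + b"\n-----END PGP SIGNATURE-----\n")
```

Output produced with Use detach sign unselected begins with a compressed-data packet rather than a signature packet, so `signature_hash` rejects it with a `ValueError` instead of guessing.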

 


Troubleshooting

Error: Unable to create signed file

  • Reason: Error reading the key/input data passed

  • Resolution: Please verify the key/input data passed

Error: No valid signing key in provided private key

  • Reason: The signing keys might be expired or the key passphrase is not correct

  • Resolution: Please verify that the provided private key has non-expired signing keys and that the password is correct

Examples

PGP Sign a Salesforce File

In this example pipeline, we download a file from Salesforce and sign it using the normal signature, which creates a signed file that includes the original file.
We then upload the signed file to S3, where it can be passed to a downstream use case for someone to verify.

Sample pipeline and output of PGP Sign

Download the sample pipeline.

PGP Sign a Salesforce File (Detached)

This example pipeline shows how to use the Binary Copy Snap to include both the original file stream and the signature stream.
We then upload both files to S3 with different names.
Both files could then be verified.

Download the sample pipeline.

 

Downloads

  1. Download and import the pipeline into SnapLogic.

  2. Configure Snap accounts, as applicable.

  3. Provide Pipeline parameters, as applicable.

Attachments

  • example-pgp-sign-salesforce-file-detached.slp (modified Jul 13, 2023 by Cindy Hall)

  • example-pgp-sign-salesforce-file.slp (modified Jul 13, 2023 by Cindy Hall)