GPG Encryption for Activation
You can activate data from an Activation Bunker that you own or have permission to use, encrypting it with a GPG key on export and decrypting it in your Destination. This functionality is limited to S3 and SFTP destinations.
The process consists of the following steps:
- Creating a GPG key
- Exporting a GPG key (this must be armoured)
- Adding the key to your destination in InfoSum so data can be encrypted on export
- Using the key to decrypt the data in the destination
Creating GPG Public Key
You can create a GPG key using your preferred program. For simplicity, the instructions below cover the process for a Windows user with the program GnuPG. You can find more information on this program on their support site, and how to generate the key on other operating systems in this GitHub article.
- After GnuPG is installed, use either Terminal or Windows PowerShell to enter commands.
- Enter the following
- Choose the Keytype as Option (1) RSA and RSA
- Select keysize. Default is (3072). Pressing Enter will select the default option.
- Specify how long the key should be valid for. For security purposes it is good practice to add an expiry date to the key.
- GnuPG will need to construct a user ID to identify the key. Enter the requested User ID information:
- Real Name
- Email Address
- Press Enter to accept.
- Please add a comment on the next line (if needed)
- A prompt will appear to confirm that your ID is correct with the following options if anything needs changing.
Type o to confirm if everything is correct.
- A pop-up window will allow you to give a passphrase to protect your key.
Press ENTER
- The pop-up will ask to confirm your passphrase.
- Your key will now be generated back in the terminal prompt.
Exporting the GPG Public Key
- Now the key will need to be exported in order to add it to your Destination. In order for it to export correctly the key will need to be armored.
- Enter the following command into Terminal (including your own email address and key name)
gpg --armor --export example@email.com > example-keyname.asc
- Press Enter.
- The Key will now be saved to the file location specified in the command window.
- Find your saved file and open using a text editor.
- Within the text editor the public key will be visible. Copy the entire key including
-----BEGIN PGP PUBLIC KEY BLOCK-----
and
-----END PGP PUBLIC KEY BLOCK-----
Create a destination and add your GPG key
- Create your Destination in the InfoSum Platform using the following pages as instructions.
- Copy the Key into the GPG Public Key section in your destination. This can be found at the bottom of the platform screen in Optional Settings.
- Submit your Destination.
Decrypting the data using the GPG key
This section shows how to decrypt your data with your GPG key after it has been exported using a Destination.
- Locate your file on the SFTP/S3 server and download to a suitable location ready for decrypting, or get the file directly from the server using command lines in Terminal/PowerShell.
- Once the file is saved, if you try to open it with a text editor you will see the file is encrypted.
- Return to Terminal/PowerShell to prepare to decrypt the file. Make sure the command prompt is in the directory where the file is located (for example, Desktop or Downloads).
- Enter the following commands
“gpg-demo” is an example name; use the name of your encrypted file.
“gpg-newfile” is an example name; use the name of your new decrypted file.
Note: adding “>” writes the decrypted output to a new file. If you do not add “>”, the output is only decrypted within the terminal window.
Your new file will be decrypted ready for viewing or importing.
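The steps above as one scripted round trip, added here as an example and not part of InfoSum's documentation. It assumes GnuPG 2.1 or later in a POSIX shell; the user ID, passphrase and file names are constructed, and a second throwaway keyring stands in for the platform's encryption on export.

```shell
#!/bin/sh
# Added example: create, export, encrypt, decrypt in throwaway keyrings.
# Assumes GnuPG 2.1+ on PATH; uid, passphrase and file names are constructed.
PASS='constructed-demo-passphrase'   # demo value only
EMAIL='example@email.com'
# Body runs in a subshell "( )" so GNUPGHOME and the EXIT trap stay local.
roundtrip() (
  work=$(mktemp -d) || exit 1
  export GNUPGHOME="$work/owner"       # key owner's keyring, not ~/.gnupg
  trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$work"' EXIT
  mkdir -m 700 "$GNUPGHOME" "$work/sender" || exit 1

  # 1. Create an RSA 3072 key pair with an expiry date and a passphrase.
  cat > "$work/params" <<EOF
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: Example User
Name-Email: $EMAIL
Expire-Date: 1y
Passphrase: $PASS
%commit
EOF
  gpg --batch --quiet --gen-key "$work/params" 2>/dev/null || exit 1

  # 2. Export the armored public key: the text pasted into the destination.
  gpg --armor --export "$EMAIL" > "$work/example-keyname.asc" || exit 1
  grep -q 'BEGIN PGP PUBLIC KEY BLOCK' "$work/example-keyname.asc" || exit 1

  # 3. Stand-in for the export: a second keyring that holds only the public
  #    key encrypts a constructed file to it.
  printf 'id,segment\n1,constructed\n' > "$work/gpg-demo.csv"
  gpg --homedir "$work/sender" --batch --quiet --import \
      "$work/example-keyname.asc" 2>/dev/null || exit 1
  gpg --homedir "$work/sender" --batch --quiet --trust-model always \
      --recipient "$EMAIL" --output "$work/gpg-demo.gpg" \
      --encrypt "$work/gpg-demo.csv" 2>/dev/null || exit 1
  # The delivered file must not contain the plaintext.
  grep -q 'constructed' "$work/gpg-demo.gpg" && exit 1

  # 4. Decrypt with the private key; --output writes the new file directly.
  gpg --batch --quiet --pinentry-mode loopback --passphrase "$PASS" \
      --output "$work/gpg-newfile.csv" --decrypt "$work/gpg-demo.gpg" \
      2>/dev/null || exit 1
  cmp -s "$work/gpg-demo.csv" "$work/gpg-newfile.csv"
)
roundtrip && echo "round trip OK" || echo "round trip failed"
```

The script decrypts with `--output` rather than “>” because Windows PowerShell 5.1 re-encodes redirected output as UTF-16, which alters the decrypted file.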