Encrypting and decrypting data using PGP

Overview:

Amperity can decrypt PGP-encrypted data given a private key and encrypt data given a public key. This article walks through the steps for enabling encryption in Amperity.

Amperity recommends the following standards for creating a PGP keypair:

  • 4096-bit keys
  • A strong passphrase
  • One PGP key per tenant (minimum); one PGP key per system (recommended)

Any tool that is compliant with the OpenPGP standard, as defined by RFC 4880, may be used for PGP encryption and decryption. Below are cross-platform tools that will enable encryption and decryption of files.

Instructions on using these tools to generate keys, encrypt and decrypt files can be found in their respective documentation. 

 

Ingest: 

When creating a courier, if the file being ingested ends in a .pgp or .gpg file extension, Amperity will automatically provide the ability to add a decryption key (private key).

 

Navigate to the "Sources" page, scroll down to the "Courier" section, and click "Add Courier".

Select the plugin type, courier name, and credential, then click "Continue".

In the courier dialog, select the sample file path, create the file pattern, and then under "PGP Credential" select an existing credential or create a new one.

To create a new credential for decrypting data in Amperity, select "Create new credential".

In the window that pops up, add a name, description, the PGP private key, and a passphrase (if one was added during the key creation process).

Note: Include the "BEGIN PGP PRIVATE KEY BLOCK" and "END PGP PRIVATE KEY BLOCK" header and footer in the key.

Anyone with access to the PGP private key can decrypt data that has been encrypted with the corresponding public key. Please keep this key confidential.

Click "Save". If the key and passphrase were entered correctly, the data should now be visible in the courier file preview in its unencrypted form.

Continue configuring the courier and feed as needed. 




Egress:

Navigate to the "Destinations" page in Amperity and click "Add destination" 

Select the appropriate plugin and fill out the necessary fields.

In the "PGP Public Key" field, add the public key that you would like to use to encrypt this data. The corresponding private key will be needed to decrypt this data. The private key should be kept secret within your organization.

Note: Make sure to include the "BEGIN PGP PUBLIC KEY BLOCK" and "END PGP PUBLIC KEY BLOCK" header and footer in the key.

Click "Save" to save this destination.

Any orchestration that uses this destination will note that the data sent from Amperity to this destination will be encrypted.
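A local pre-flight check for key text before it is pasted into the "PGP Credential" or "PGP Public Key" field, covering the two header and footer notes above and the 4096-bit recommendation. This is an added example, not Amperity code: `check_key`, `first_packet` and `constructed_block` are hypothetical names, the sample key block is constructed, and the size check assumes a version 4 RSA key.

```python
import base64
import re

ARMOR = re.compile(r"-----BEGIN PGP (PUBLIC|PRIVATE) KEY BLOCK-----\n(.*?)\n"
                   r"-----END PGP \1 KEY BLOCK-----", re.S)

def first_packet(raw):
    """Return (tag, body offset) of the first OpenPGP packet (RFC 4880, 4.2)."""
    if len(raw) < 14 or not raw[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if raw[0] & 0x40:                                   # new-format header
        if 224 <= raw[1] < 255:
            raise ValueError("partial lengths are not valid for key packets")
        return raw[0] & 0x3F, 2 if raw[1] < 192 else 3 if raw[1] < 224 else 6
    if raw[0] & 3 == 3:
        raise ValueError("indeterminate length is not expected for key packets")
    return (raw[0] >> 2) & 0x0F, 1 + (1 << (raw[0] & 3))    # old-format header

def check_key(text, expect, min_bits=4096):
    """List problems with an armored key; an empty list means ready to paste.
    expect: "PRIVATE" for a courier PGP credential, "PUBLIC" for a destination."""
    m = ARMOR.search(text.replace("\r\n", "\n"))
    if not m:
        return ["BEGIN/END PGP ... KEY BLOCK header or footer is missing"]
    kind, body = m.groups()
    problems = [] if kind == expect else [f"{kind} key given, {expect} key expected"]
    lines = [ln.strip() for ln in body.split("\n")]
    start = lines.index("") + 1 if "" in lines else 0       # skip armor headers
    b64 = "".join(ln for ln in lines[start:] if not ln.startswith("="))  # drop CRC-24 line
    try:
        raw = base64.b64decode(b64, validate=True)
        tag, off = first_packet(raw)
    except ValueError:
        return problems + ["key body is damaged (incomplete copy and paste?)"]
    version, algo = raw[off], raw[off + 5]
    if tag not in (5, 6) or version != 4 or algo not in (1, 2, 3):
        return problems + ["not a version 4 RSA key, size not checked"]
    bits = int.from_bytes(raw[off + 6:off + 8], "big")     # bit length of modulus n
    if bits < min_bits:
        problems.append(f"RSA modulus is {bits} bits, recommended is {min_bits}")
    return problems

def constructed_block(kind, bits):
    """Constructed sample: armor around a fake v4 RSA key packet, not a usable key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    pkt = bytes([4, 0, 0, 0, 0, 1]) + bits.to_bytes(2, "big") + n + b"\x00\x11\x01\x00\x01"
    hdr = bytes([0x80 | ((6 if kind == "PUBLIC" else 5) << 2) | 1])
    b64 = base64.b64encode(hdr + len(pkt).to_bytes(2, "big") + pkt).decode()
    text = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PGP {kind} KEY BLOCK-----\n\n{text}\n-----END PGP {kind} KEY BLOCK-----\n"
```

The check reads only the unencrypted public portion at the start of the key, so it works on a passphrase-protected private key and never needs the passphrase.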

 

Sharing secret information with Amperity:

On occasion it may be necessary to share things like private keys with Amperity employees to assist in the configuration of the platform. When sharing secret information please utilize the Snappass tool hosted by Amperity. 

 

Navigate to snappass.amperity.com

Enter the information you would like to share in the "Set Secret" text box, specify how long the generated link should remain valid, and click "Generate URL".

Copy the URL and send it to Amperity. This URL can be opened only once. After the URL has been accessed, or after the specified time has passed, the data will be securely deleted.