Overview

The OpenPGP Task is an SSIS Control Flow task for encryption and decryption using the OpenPGP (RFC 2440) standard.


    Setup

    Use the General page of the OpenPGP Task Editor dialog to configure the parameters needed to encrypt, decrypt, create or verify the file signature.

    Parameters

    Specify the task name.

    Specify the task description.

    Specify the task action. This parameter has the options listed in the following table.

    Option                 Description
    Encrypt file           Encrypts a file. Selecting this option displays the dynamic parameters IsPublicKeyRingVariable, PublicKeyRing, PublicKeyRingVariable, Key, OutputASCII, OldFormat (1.3 SR-5), IsSourceVariable, Source, SourceVariable, RemoveSource, IsSourceSigned, IsTargetVariable, Target, TargetVariable, OverwriteExisting.
    Decrypt file           Decrypts a file. Selecting this option displays the dynamic parameters IsSecretKeyRingVariable, SecretKeyRing, SecretKeyRingVariable, Password, IsSourceVariable, Source, SourceVariable, IsTargetVariable, Target, TargetVariable, OverwriteExisting, VerifySignature (1.3 SR-5).
    Create file signature  Creates a file signature. Selecting this option displays the dynamic parameters IsSecretKeyRingVariable, SecretKeyRing, SecretKeyRingVariable, Key, Password, OutputASCII, IncludeData, IsSourceVariable, Source, SourceVariable, IsSignatureVariable, Signature, SignatureVariable, OverwriteExisting.
    Verify file signature  Verifies the file signature. Selecting this option displays the dynamic parameters IsPublicKeyRingVariable, PublicKeyRing, PublicKeyRingVariable, ResultVariable, IsSourceVariable, Source, SourceVariable, IsSignatureVariable, Signature, SignatureVariable.

    Indicate whether or not the public key ring path is stored in a variable. This parameter has the options listed in the following table.

    Option  Description
    True    The public key ring path is stored in a variable. Selecting this option displays the dynamic parameter PublicKeyRingVariable.
    False   The public key ring path is specified in a File connection manager. Selecting this option displays the dynamic parameter PublicKeyRing.

    Select an existing File connection manager, or click <New connection...> to create a new connection manager.

    Related topics: File Connection Manager Editor

    Select an existing user-defined variable, or click <New variable...> to create a new variable.

    Related Topics: Integration Services Variables, Add Variable

    Select key(s) from key ring.

    Select to output 7-bit ASCII data instead of binary data. This parameter has the options listed in the following table.

    Option  Description
    True    Output in 7-bit ASCII data format.
    False   Output in binary data format.

    Use this parameter to create a PGP 2 compatible package. This parameter has the options listed in the following table.

    Option  Description
    True    Create the package in PGP 2 format.
    False   Create the package in OpenPGP format.

    Indicate whether or not the source path is stored in a variable. This parameter has the options listed in the following table.

    Option  Description
    True    The source path is stored in a variable. Selecting this option displays the dynamic parameter SourceVariable.
    False   The source path is specified in a File connection manager. Selecting this option displays the dynamic parameter Source.

    Select an existing File connection manager, or click <New connection...> to create a new connection manager.

    Related topics: File Connection Manager Editor

    Contains the source path or input Stream object. Select an existing user-defined variable, or click <New variable...> to create a new variable.

    Related Topics: Integration Services Variables, Add Variable

    Specify whether to remove the source file after encryption.

    Indicate whether or not the target path is stored in a variable. This parameter has the options listed in the following table.

    Option  Description
    True    The target path is stored in a variable. Selecting this option displays the dynamic parameter TargetVariable.
    False   The target path is specified in a File connection manager. Selecting this option displays the dynamic parameter Target.

    Select an existing File connection manager, or click <New connection...> to create a new connection manager.

    Related topics: File Connection Manager

    Contains the target path or output Stream object. Select an existing user-defined variable, or click <New variable...> to create a new variable.

    Related Topics: Integration Services Variables, Add Variable

    Use this parameter to indicate that an existing file should be overwritten.

    Indicate whether or not the secret key ring path is stored in a variable. This parameter has the options listed in the following table.

    Option  Description
    True    The secret key ring path is stored in a variable. Selecting this option displays the dynamic parameter SecretKeyRingVariable.
    False   The secret key ring path is specified in a File connection manager. Selecting this option displays the dynamic parameter SecretKeyRing.

    Select an existing File connection manager, or click <New connection...> to create a new connection manager.

    Related topics: File Connection Manager

    Select an existing user-defined variable, or click <New variable...> to create a new variable.

    Related Topics: Integration Services Variables, Add Variable

    Indicate whether or not the signature path is stored in a variable. This parameter has the options listed in the following table.

    Option  Description
    True    The signature path is stored in a variable. Selecting this option displays the dynamic parameter SignatureVariable.
    False   The signature path is specified in a File connection manager. Selecting this option displays the dynamic parameter Signature.

    Select an existing File connection manager, or click <New connection...> to create a new connection manager.

    Related topics: File Connection Manager

    Select an existing user-defined variable, or click <New variable...> to create a new variable.

    Related Topics: Integration Services Variables, Add Variable

    Select an existing user-defined variable, or click <New variable...> to create a new variable. The variable has to be of the type Boolean and it will contain the verification result.

    Related Topics: Integration Services Variables, Add Variable

    Select to include the data to be signed.

    Use this parameter to indicate whether or not the source data is OpenPGP signed. This parameter has the options listed in the following table.

    Option  Description
    True    The source OpenPGP data is signed.
    False   The source OpenPGP data is not signed.

    Use this parameter to indicate whether or not to verify the signature during decryption. This parameter has the options listed in the following table.

    Option  Description
    True    Verify the signature during decryption. Selecting this option displays the dynamic parameters IsSignaturePublicKeyRingVariable, SignaturePublicKeyRing, SignaturePublicKeyRingVariable.
    False   Do not verify the signature during decryption.

    Indicate whether or not the signature public key ring path is stored in a variable. This parameter has the options listed in the following table.

    Option  Description
    True    The signature public key ring path is stored in a variable. Selecting this option displays the dynamic parameter SignaturePublicKeyRingVariable.
    False   The signature public key ring path is specified in a File connection manager. Selecting this option displays the dynamic parameter SignaturePublicKeyRing.

    Select an existing File connection manager, or click <New connection...> to create a new connection manager.

    Related topics: File Connection Manager

    Select an existing user-defined variable, or click <New variable...> to create a new variable.

    Related Topics: Integration Services Variables, Add Variable


    Samples

    • For a sample showing how to stream data without intermediate storage, see this package.
    • For a sample showing how to create data in-memory in data flow, encrypt and stream without intermediate storage, see this package.

    FAQ

    • Creating a signed and encrypted package is a 2-step process:

      • Insert the OpenPGP Task with the action "Create file signature". Set the IncludeData option to true.
      • Insert the OpenPGP Task with the action "Encrypt file". As the source file, select the target file created in the "Create file signature" step. Set the IsSourceSigned option to true.
    • PGP 6.5.x is based on the older OpenPGP specification RFC 2440. To create an encrypted package compatible with the older format, set the OldFormat parameter to True in the OpenPGP Task.