File Ingestion and Replication > File Ingestion and Replication > Key ring command reference

Key ring command reference

A file ingestion and replication task encrypts and decrypts files using the Pretty Good Privacy (PGP) method. An Informatica Intelligent Cloud Services administrator uses the command line interface (CLI) to create key IDs and key passphrases. The administrator can then share them with the Informatica Intelligent Cloud Services user to encrypt and decrypt files.

You can run the key ring commands if you have the privileges to update files in the agent location. A PGP configuration file is created when you install the agent. The PGP configuration file consists of the properties that lists the location of the public key ring and the secret key ring. You must update the properties to change the location of the existing key ring. For more information about updating the properties, see the Administrator help.

The default location of the PGP configuration file is <agent location>/apps/MassIngestionRuntime/<latest version no>/conf/pgp-configuration.properties.

Use the createKeyRing command to create a key ring in the key ring location that is defined in the PGP configuration file.

To specify the symmetric key algorithm, you must update the pgp-configuration.properties file with the following properties:

•pgp.encryptionAlgorithms=AES128, AES192, AES256, BLOWFISH, CAST5, and TWOFISH
•pgp.hashAlgorithms=MD2, MD5, RIPEMD160, SHA1, SHA256, SHA384, and SHA512
•pgp.compressionAlgorithms=ZIP, ZLIB

Note: You must enter at least one algorithm in the properties file. If you don't enter a value or specify the algorithms in the pgp-configuration.properties file, the first algorithm is automatically selected as the default.

To create key IDs and add them to the key ring, use the createKeyPair command. A key ID consists of a public key and a private key. To import public keys from different partners or use an existing key pair and import it to the current agent key ring location, use the importKeys command.

createKeyRing

Creates a key ring. A key ring consists of a public key ring and a secret key ring.

If the key ring exists, the command displays an error indicating that a key ring already exists.

The createKeyRing command uses the following syntax:

<--command|-c> createKeyRing

The following sample command creates a key ring and saves the key ring in the location that is defined in the PGP configuration file:

./pgp_cli.sh -c createKeyRing

The command displays the following output:

KeyRing created successfully

createKeyPair

Creates a key pair. The key pair or the key ID consists of a public key and a private keys.

The createKeyPair command uses the following syntax:

Option	Argument	Description
--command -c	createKeyPair	Required. The command to run.
--name -n	key_name	Required. The name of the key pair.
--passphrase -p	passphrase	Required. The passphrase of the PGP key.
--size -s	size	Optional. The size of the PGP key in bits. Enter one of the following values: - 512 - 1024 - 2048 - 4096 Default is 512.
--expiration -e	expiration_date	Required. The date when the PGP key pair expires. Use the following date format: dd-mm-yyyy
--email -m	email	Required. The email ID of the user.

Note: The type argument uses the RSA PGP key.

The following sample command creates a key pair and adds the key pair to the key ring.

./pgp_cli.sh -c createKeyPair -n Mykeypair -p Mykeypassphrase -s 1024 -e 31-12-2023 -m abc@informatica.com

The command displays the following output:

13:01:13 INFO Default system locale: English (United States)
13:01:13 INFO Create Key Pair.
13:01:13 INFO Encryption Algorithms used-AES128,AES192,AES256,BLOWFISH,CAST5,TWOFISH
13:01:13 INFO Hash Algorithms used-SHA1,MD5
13:01:13 INFO Compression Algorithms used-ZIP,ZLIB
13:01:14 INFO Key pair was successfully created and added to your key ring. The key ID is '0xCE090A15001A183B'.
13:01:14 INFO Key Pair created successfully.

listKeys

Lists all keys in key ring.

The listKeys command uses the following syntax:

<--command|-c> listKeys

The following sample command lists keys that are in the key ring:

./pgp_cli.sh -c listKeys

The command displays the following output:

12:10:38 INFO Default system locale: English (United States)
12:10:38 INFO Listing Keys.
12:10:38 INFO Total keys : 2
Key ID : 0x23149FC8C38658EA User : Mykeypair <abc@informatica.com./pgp_cli.sh> Description : Key Pair Key Type : RSA Key Size : 1024 Expiration Date : Tue Dec 10 23:59:59 IST 2019

Key ID : 0x7B1E52AFB29030A6 User : new <a@b.com> Description : Key Pair Key Type : RSA Key Size : 1024 Expiration Date : Sat Sep 28 23:59:59 IST 2019

importKeys

Imports keys from an external file to the key ring.

To import public keys from an external file or to use an existing key pair and import it to the current agent key ring location, use the importKeys command.

The importKeys command uses the following syntax:

<--command|-c> importKeys <--location|-l> location

Option	Argument	Description
-location -l	location	Required. The file name and location of the file that contains key pairs or public keys to import.

The following sample command imports keys from the key pair to the key ring:

./pgp_cli.sh -c importKeys -l /root/RSFiles/SubFolder1/SubFolder2/file1.asc

The command displays the following output:

12:37:09 INFO Default system locale: English (United States)
12:37:10 INFO Importing Keys.
12:37:10 INFO Public key '0x23149FC8C38658EA' with user ID 'doctest <abc@informatica.com./pgp_cli.sh>' was imported successfully.
12:37:10 INFO 1 public keys and 0 secret keys were successfully imported into your key ring.
12:37:10 INFO Import Finished.

exportKeyPairs

Exports key pairs from the key ring to a file.

The exportKeyPairs command uses the following syntax:

<--command|-c> exportKeyPairs
<--ids|-i> list_of_key_ids
<--location|-l> location

Option	Argument	Description
--ids -i	list_of_key_ids	Required. Comma-separated list of key IDs in the key ring.
--location -l	location	Required. The file name and location of the file to export key pairs from the key ring.

The following sample command exports key pairs from the key ring to a local repository:

./pgp_cli.sh -c exportKeyPairs -i 0x23149FC8C38658EA -l /root/RSFiles/SubFolder1/file.asc

The command displays the following output:

12:28:18 INFO Default system locale: English (United States)
12:28:18 INFO Exporting Key Pairs.
12:28:18 INFO Export Finished.

exportPublicKeys

Exports public keys from the key ring to a file.

The exportPublicKeys command uses the following syntax:

<--command|-c> exportPublicKeys
<--ids|-i> list_of_key_ids
<--location|-l> location

Option	Argument	Description
--ids -i	list_of_key_ids	Required. Comma-separated list of PGP key IDs in the key ring.
--location -l	location	The file name and location file to export public key from the key ring.

The following sample command exports public keys to a local repository:

./pgp_cli.sh -c exportPublicKeys -i 0x23149FC8C38658EA -l /root/RSFiles/SubFolder1/SubFolder2/file1.asc

The command displays the following output:

12:32:10 INFO Default system locale: English (United States)
12:32:10 INFO Exporting Public Keys.
12:32:10 INFO Export Finished.

deleteKeys

Deletes keys from the key ring.

The deleteKeys command uses the following syntax:

<--command|-c> deleteKeys <--ids|-i> list_of_key_ids

Option	Argument	Description
--ids -i	list_of_key_ids	Required. Comma-separated list of key IDs in the key ring.

The following sample command deletes keys:

./pgp_cli.sh -c deleteKeys -i 0x23149FC8C38658EA

The command displays the following output:

12:36:46 INFO Default system locale: English (United States)
12:36:46 INFO Deleting Key.
12:36:47 INFO Key '0x23149FC8C38658EA' was deleted
12:36:47 INFO Delete Finished.

changePassphrase

Changes the passphrase of the key.

The changePassphrase command uses the following syntax:

<--command|-c> changePassphrase
<--ids|-i> key_id
<--old-passphrase|-o> old_passphrase
<--passphrase|-p> new_passphrase

Option	Argument	Description
--ids -i	key_id	Required. Comma-separated list of PGP key IDs in the key ring.
--old-passphrase -o	old_passphrase	Required. The old passphrase of the PGP key ring.
--passphrase -p	new_passphrase	Required. The new passphrase of the PGP key ring.

The following sample command replaces the old key passphrase to the new key passphrase:

./pgp_cli.sh -c changePassphrase -i 0xDA70CEEDF703DCBE -o Mykeypassphrase -p Mynewkeypassphrase

The command displays the following output:

12:46:36 INFO Default system locale: English (United States)
12:46:36 WARN Unable to load pgp configuration file : ./conf/pgp-configuration.properties (No such file or directory)
12:46:36 INFO Changing Key Pair.
12:46:36 INFO Passphrase for the key '0xDA70CEEDF703DCBE' was changed successfully. Please make sure to save this passphrase in a secure place.
12:46:36 INFO Key Passphrase changed successfully.