Cryptography
- Encrypt and sign
Declaration
<AMCRYPTOGRAPHY SUBFOLDERS="yes/no" KEEPFOLDERSTRUCT="yes/no" OVERWRITE="yes/no" ISNEWER="yes/no" ONLYIFEXIST="yes/no" OVERWRITEREADONLY="yes/no" OVERWRITEHIDDEN="yes/no" ARCHIVETURNOFF="yes/no" MATCHCASE="yes/no" EXCLUDE="text" RE="yes/no" INPUTFILE="text" OUTPUTFILE="text" RESULTDATASET="text" PUBKEYRINGPATH="text" SECKEYRINGPATH="text" PASSPHRASE="text (encrypted)" HASHALGO="text (options)" SYMMETRICALGO="text (options)" PROTECTION="text (options)" COMPRESSIONALGO="text (options)" USEOLDPACKETS="YES/NO" INPUTTEXT="yes/no" ARMOR="YES/NO" TAR="YES/NO" SELFEXTRACT="YES/NO" APPENDEXTENSION="text" ATTRFILTER="+r" />
Description
Encrypts and digitally signs one or more files in a single automated sequence.
Practical usage
Ideal for keeping sensitive and confidential information private.
Parameters
General
| Property | Type | Required | Default | Markup | Description |
|---|---|---|---|---|---|
| Source | Text | Yes | (Empty) |
|
The
path and file name of the files to encrypt. This can be a fully
qualified path and file name (preferred) or a single file (requires
use of the File System - Change
folder activity). You can use wildcard characters (for example, * or ?) to specify all files matching a certain mask. You can specify multiple files
and file masks by separating each entry with
a pipe character (|) (for example, c:\temp\*.txt|c:\backup\*.bak).
See File
Masks & Wildcards for more details. NOTE: Files with invalid paths are ignored at runtime. |
| Destination | Text | Yes | User |
|
The destination folder and (optional) file name to place the newly encrypted files. Folders that do not exist will be automatically created at runtime. |
| Create and populate decrypt dataset | Text | No | (Empty) | RESULTDATASET="theResult" | The name of the dataset to create and populate with results of this activity. |
| Keyring file(s) - Public | Text | Yes | (Empty) | PUBKEYRINGPATH="c:\foldername\file.pkr" | Specifies
the path and file name of the OpenPGP or PGP public keyring file (.pkr).
Entering a valid public keyring file along with a matching secret
keyring file populates the Recipient(s)
section with the appropriate signature information when pressing
the Select recipients
button. This parameter is available only if the Encryption type parameter is set
to OpenPGP public key
or PGP public key. NOTE: Automate Desktop comes equipped with the OpenPGP engine which is installed
on the system during Automate Desktop installation. |
| Keyring file(s) - Secret | Text | Yes | (Empty) | SECKEYRINGPATH="c:\foldername\file.skr" | Specifies
the path and file name of the PGP secret keyring file (.skr). Entering
a valid public keyring file along with a matching secret keyring
file populates the Recipient(s)
section with the appropriate signature information when pressing
the Select recipients
button. This parameter is available only if the Encryption type parameter is set
to PGP public key. NOTE: Automate Desktop comes equipped with the OpenPGP engine which is installed
on the system during Automate Desktop installation. |
Recipient/Signer
| Property | Type | Required | Default | Markup | Description |
|---|---|---|---|---|---|
| Recipient(s) - Email or Name | Text | Yes | (Empty) |
|
Specifies
the recipient name or email address used to locate the private
key. Existing signatures (populated using values entered in the
Public keyring file and
Secret keyring file parameters)
can be added by selecting the signature and clicking the Add button or simply double-clicking
the signature. To manually enter an email address or name along with keyring passphrase, click the Create button and enter the email address or unique name and associated passphrase in the appropriate fields. To remove a signature, select X. NOTE:
At least one signature is required. Therefore, one email address
or name from the keyring along with its keyring passphrase needs
to be entered. If there is no password associated with the email
address or name in the keyring, then the Passphrase
field can be left blank. Additionally, if no name or email address
is used to identify the key, make sure to empty the Email
or Name field of any contents. |
|
Signer(s) - Email or Name |
Text |
Yes |
(Empty) |
|
Specifies
the name or email address used to locate the private key. Existing
signatures (populated using values entered in the Public
keyring file and Secret
keyring file parameters) can be added by selecting the
signature and clicking the Add
button or simply double-clicking the signature. To manually enter an email address or name along with keyring passphrase, enter the email address or unique name and associated password in the appropriate fields. To remove a signature, select X. NOTE: At least one signature is required. Therefore, one email address
or name from the keyring along with its keyring passphrase needs
to be entered. If there is no password associated with the email
address or name in the keyring, then the Password
field can be left blank. Additionally, if no name or email address
is used to identify the key, make sure to empty the Email
or Name field of any contents. |
| Symmetric algorithm | Text (options) | Yes | CAST5 |
|
The
symmetric algorithm to encrypt and sign the file. The available
options are:
|
Advanced
| Property | Type | Required | Default | Markup | Description |
|---|---|---|---|---|---|
| Use new features (PGP > 6.5.x) | Yes/No | No | Yes | USENEWFEATURES="NO" | If selected (default), newer PGP features introduced in 6.5.x will be supported. |
| Use old packets (PGP 2.3.x, 6.5.x) | Yes/No | No | Yes | USEOLDPACKETS="YES" | If selected, older PGP encryption algorithm will be supported. Disabled by default. |
| Armor data (text output) | Yes/No | No | No | ARMOR="YES" | If selected, causes PGP or OpenPGP to enable ASCII Armor output, a form of encoding binary data in a sequence of ASCII-printable characters. Binary to text encoding is necessary for transmission of data when the channel or the protocol only allows ASCII-printable characters, such as transporting through email channels. If you intend to use PGP primarily for email purposes, we suggest enabling this option. This parameter is active only if the Encryption type parameter is set to OpenPGP passphrase, PGP passphrase or PGP public key. |
File Options
| Property | Type | Required | Default | Markup | Description |
|---|---|---|---|---|---|
| Exclude mask | Text | No | (Empty) | EXCLUDE="*.txt" | Causes this action to omit decrypting files matching the masks specified. Filenames or wildcard masks may be used. Multiple entries may be specified by separating them with a pipe symbol (|). For example: *.txt|*.bak. |
| Regular expression | Yes/No | No | No | RE="YES" | If selected, specifies that a regular expression is used in the Exclude Mask field. |
| Only if newer than | Date | No | (Empty) | ISNEWERTHAN="%DateSerial(2007,10,12) + TimeSerial(00,00,00)%" | Causes this action to only decrypt files if the source is newer than the date/time specified. If this parameter is left blank or not included, the date of the files will be ignored (excluding Only if newer parameter). |
| Only if older than | Date | No | (Empty) | ISOLDERTHAN="%DateSerial(2007,10,12) + TimeSerial(00,00,00)%" | Causes this action to only decrypt files if the source is older than the date/time specified. If this parameter is left blank or not included, the date of the files will be ignored (excluding Only if newer parameter). |
| Overwrite if exists | Yes/No | No | No | OVERWRITE="YES" | If selected, specifies that, if destination files already exist, they should be overwritten. The default value is disabled. |
| Include subfolders | Yes/No | No | No | SUBFOLDERS="YES" | If selected, specifies that, if present, subfolders should be searched for files matching the mask specified in the Source parameter. The default value is disabled. |
| Preserve folder structure | Yes/No | No | Yes | KEEPFOLDERSTRUCT="NO" | If selected, specifies that subfolders found in the source folder should be created in the destination folder, and source files should be decrypted into their respective folders rather than directly into the root of the folder specified in the Destination parameter. Valid only if the Include subfolders parameter is selected. |
| Only if newer | Yes/No | No | No | ISNEWERTHAN="YES" | If selected, indicates that only files that are newer than those in the destination folder will overwrite existing files. Valid only if the Overwrite if Exists parameter is selected. |
| Only if exists in destination | Yes/No | No | No | ONLYIFEXIST="YES" | If selected, specifies that only files that already exist in the destination will be decrypted from the source. All other files, regardless of whether they match the mask or other parameter settings will be bypassed. Valid only if the Overwrite if Exists parameter is selected. |
| Overwrite read-only files | Yes/No | No | No | OVERWRITEREADONLY="YES" | If selected, indicates that already existing files should be overwritten even if the file in the destination is marked with the "read-only" attribute. By default, read only files are not overwritten. Valid only if the Overwrite if Exists parameter is selected. |
| Overwrite hidden files | Yes/No | No | No | OVERWRITEHIDDEN="YES" | If selected, specifies that already existing files should be overwritten even if the file in the destination is marked with the "hidden" attribute. By default, hidden files are not overwritten. Valid only if the Overwrite if Exists parameter is selected. |
| Turn archive attribute off | Yes/No | No | No | ARCHIVETURNOFF="YES" | If selected, the archive attribute of the source file is switched OFF. The Windows archive attribute is generally used to track whether a file has been backed up. By turning the source file's archive attribute off, this indicates to many backup programs that the file has already been backed up. This parameter is disabled by default. |
| Match case | Yes/No | No | No | MATCHCASE="YES" | If selected, the properties set within this activity are case sensitive in relation to the file. This parameter is disabled by deafult. |
File Attributes
| Property | Type | Required | Default | Markup | Description |
|---|---|---|---|---|---|
| Attributes | Text Options | No | (Empty) | ATTRFILTER="+R+A-H" (decrypt read-only & archive files but not hidden files) | This group of settings causes the action to
filter which files are decrypted based on the attribute settings
of the source files. In visual mode, a group of controls are
provided to assist in the selection of this parameter. In markup
mode, a single text item must be specified that contains the attributes
of the files you wish to decrypt. Available options are:
|
Additional notes
Comparing machine-level and user-level RSA key containers
User-level RSA key containers are stored with the Windows user profile for a particular user and can be used to encrypt and encrypt information for applications that run under that specific user identity. User-level RSA key containers can be useful if you want to ensure that the RSA key information is removed when the Windows user profile is removed. However, because you must be logged in with the specific user account that will make use of the user-level RSA key container in order to encrypt or decrypt protected configuration sections, they are inconvenient to use.
Machine-level RSA key containers are available to all users that can log in to a computer, by default, and are the most useful as you can use them to encrypt or decrypt protected configuration sections while logged in with an administrator account. A machine-level RSA key container can be used to protect information for a single application, all the applications on a server, or a group of applications on a server that run under the same user identity. Although machine-level RSA key containers are available to all users, they can be secured with NTFS Access Control Lists (ACLs) so that only required users can access them.