Cryptography: OpenSSL Action

You can configure an OpenSSL action in an event rule to sign or verify a file.

The OpenSSL action is supported on HTTPS and SFTP and can be used for the following triggers:

  • Scheduler (Timer)

  • Folder monitor

  • File Uploaded

  • Verified Upload Succeeded events

EFT can only create detached signature files; however, it can verify signatures for non-detached, detached, and XML Enveloped signature files.

The signing certificate formats include:

  • .pem

  • .cer, .crt, .der – in binary DER form only

  • .p7b, .p7c – PKCS#7 SignedData structure without any data, just the certificate

  • .p12 – PKCS#12, may contain certificate(s) (public) and private keys (password protected)

  • .pfx – PFX, predecessor of PKCS#12 (usually contains data in PKCS#12 format, e.g., with PFX files generated in IIS)

To use the Cryptography: OpenSSL action

  1. Create an event rule (or use an existing rule) and add the action to the event.

  2. Click one of the linked items. The OpenSSL dialog box appears.

  3. In Operation, click the drop-down list and click Sign or Verify Signature. The available fields change depending on whether you choose Sign or Verify Signature.

  4. If you clicked Sign, the Signature Type field is read-only.

  5. If you clicked Sign, complete the remaining fields. NOTE: EFT can only create detached signature files; however, it can verify signatures for non-detached, detached, and XML-Enveloped signature files.

    • In the File to sign box, the File System variable %FS.PATH% is the default. You can choose a replacement variable instead.

    • The Signature field is read-only and auto-filled with the signature file path, which is the path of the file to process with ".sig" appended to the filename.

    • In Matching Signature, specify what to do if a duplicate signature is found: Overwrite, Skip, or Fail.

    • In the Certificate, Private Key, and Passphrase fields, provide the associated certificate information.

    • NOTE: You cannot browse for the certificate or private key location. Instead, you must copy and paste the path to the certificate and private key. The EFT server must have access to that location.

    • The Show Passphrase check box allows you to verify that the passphrase was typed correctly.

    • In Signing hash, click the applicable algorithm: SHA-256, SHA-384, or SHA-512.

  6. If you clicked Verify Signature, in File to sign, specify the file path, or click another variable in the list of replacement variables. Then specify the Certificate path and click OK.

  7. Add additional actions or conditions as needed, then click Apply to save the Event Rule.
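The following script is an added example, not EFT's or Globalscape's own code, that reproduces with the openssl command-line tool what the Sign and Verify Signature operations above amount to: a detached signature written to FILE.sig with the chosen hash, the Overwrite/Skip/Fail handling of an existing signature, verification against a certificate, and (going beyond what the action creates) the non-detached form that EFT can verify but not produce. The page does not state which signature format EFT writes, so CMS/PKCS#7 in DER form is assumed here; an openssl binary on PATH, the file names, the subject name and the passphrase are all constructed for the demo.

```shell
#!/bin/sh
# Added example (not EFT's own code): sign a file with a detached CMS/PKCS#7
# signature and verify it, mirroring the Sign / Verify Signature operations.
# Assumptions: openssl is on PATH; CMS in DER form stands in for EFT's
# unstated signature format; WORK, file names and the passphrase are made up.
set -u

WORK="${WORK:-$(mktemp -d)}"
PASSPHRASE="demo-passphrase"          # stands in for the Passphrase field
CERT="$WORK/cert.pem"                 # stands in for the Certificate field
KEY="$WORK/key.pem"                   # stands in for the Private Key field

# Make a throwaway self-signed certificate and a passphrase-protected key.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -days 1 -subj "/CN=eft-demo" \
        -keyout "$KEY" -out "$CERT" -passout "pass:$PASSPHRASE" \
        >/dev/null 2>&1
}

# sign_detached FILE HASH MODE
#   Writes FILE.sig (the ".sig"-appended name the action uses). HASH is one of
#   sha256, sha384, sha512. MODE mirrors Matching Signature: overwrite, skip
#   (return 0 and keep the existing .sig) or fail (return 1 if one exists).
sign_detached() {
    file=$1; hash=$2; mode=$3
    if [ -e "$file.sig" ]; then
        case $mode in
            overwrite) ;;
            skip) return 0 ;;
            fail) return 1 ;;
            *) echo "unknown Matching Signature mode: $mode" >&2; return 2 ;;
        esac
    fi
    openssl cms -sign -binary -md "$hash" -in "$file" \
        -signer "$CERT" -inkey "$KEY" -passin "pass:$PASSPHRASE" \
        -outform DER -out "$file.sig" >/dev/null 2>&1
}

# verify_detached FILE CERTFILE
#   Exit 0 only when FILE.sig is a valid signature over FILE by a signer that
#   chains to CERTFILE; any change to FILE or to FILE.sig makes this fail.
verify_detached() {
    openssl cms -verify -binary -inform DER -in "$1.sig" -content "$1" \
        -CAfile "$2" -out /dev/null >/dev/null 2>&1
}

# Non-detached (attached) form: the content travels inside the signature, so
# verification needs no separate -content and recovers the content on stdout.
sign_attached() {      # sign_attached FILE HASH -> writes FILE.p7
    openssl cms -sign -binary -nodetach -md "$2" -in "$1" \
        -signer "$CERT" -inkey "$KEY" -passin "pass:$PASSPHRASE" \
        -outform DER -out "$1.p7" >/dev/null 2>&1
}
verify_attached() {    # verify_attached FILE.p7 CERTFILE -> content on stdout
    openssl cms -verify -binary -inform DER -in "$1" -CAfile "$2" 2>/dev/null
}

# Demo run: sign, verify, then tamper with the file and watch verification fail.
demo() {
    make_demo_cert || return 1
    printf 'invoice 42\n' > "$WORK/report.txt"          # constructed payload
    sign_detached "$WORK/report.txt" sha256 fail || return 1
    verify_detached "$WORK/report.txt" "$CERT" && echo "detached: Verified OK"
    sign_attached "$WORK/report.txt" sha256 || return 1
    verify_attached "$WORK/report.txt.p7" "$CERT" >/dev/null \
        && echo "attached: Verified OK"
    printf 'invoice 43\n' > "$WORK/report.txt"          # tamper with the content
    verify_detached "$WORK/report.txt" "$CERT" \
        || echo "tampered file: verification failed"
}
demo
```

The exit status of verify_detached is the only thing a downstream step should trust: the "Verified OK" text is for the reader. Note that verification checks both the content and the signer's certificate chain, so a signature made with a key that does not chain to the certificate supplied in the Certificate field fails in the same way a modified file does.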

NOTE: A context variable, EVENT.EVENT_ACTION_FAILURE_REASON, can be used to convey error information returned from the OpenSSL library to any downstream actions.