pub.security:encrypt
WmPublic. Converts plain data to encrypted data.
Input Parameters
securityProvider
String Optional. The type of security provider. The valid values are:
*PGP (Pretty Good Privacy)
*JCE-KBE (Java Cryptography Extension-Key Based Encryption)
The default value is PGP.
data
Document Data that you want to encrypt. The data must be in one of the following formats. If multiple input parameters are supplied for data, the service throws an exception stating that only one parameter must be passed.
Key
Description
string
String Optional. The string that you want to encrypt.
stream
java.io.InputStream Optional. The stream data that you want to encrypt.
bytes
byte[ ] Optional. The byte array that you want to encrypt.
file
String Optional. The absolute or relative path of the file that you want to encrypt. If the file is outside the Integration Server or Microservices Runtime installation directory, provide the absolute path. Otherwise, place the file in your Integration Server or Microservices Runtime working directory.
The About page in Integration Server Administrator and Microservices Runtime Administrator displays the working directory. The watt.server.homeDir server configuration parameter also specifies the working directory.
loadAs
String Optional. The format in which the service returns the output. Set to:
*bytes to return the output as a byte array. This is the default.
*stream to return the output as a stream object.
*string to return the output as a string.
publicKey
Document The public key required to encrypt the data.
For PGP, provide publicKeyBytes, publicKeyString, or publicKeyRingFile. If you provide publicKeyRingFile, you must also provide publicKeyAlias. Otherwise, the service throws an exception.
For JCE-KBE, provide publicKeyBytes, publicKeyString, or truststoreAlias. If you provide truststoreAlias, you must also provide certAlias. Otherwise, the service throws an exception.
Key
Description
publicKeyBytes
Object List Optional. One or more public key files as byte arrays for PGP. JCE supports only a single public key file.
Note:
Public key files have a .asc extension for PGP.
publicKeyString
String List Optional. One or more public keys as strings for PGP. JCE supports only a single public key string.
publicKeyRingFile
String Optional. The absolute or relative path of the public keyring file. The public keyring file is a collection of public keys with a unique key ID. If the file is outside the Integration Server or Microservices Runtime installation directory, provide the absolute path. Otherwise, place the file in your Integration Server or Microservices Runtime working directory. This parameter is specific to PGP.
The About page in Integration Server Administrator and Microservices Runtime Administrator displays the working directory. The watt.server.homeDir server configuration parameter also specifies the working directory.
Note:
Public keyring files have a .pkr extension for PGP.
publicKeyAlias
String List Optional. One or more public key aliases as strings. A public key alias is the 64-bit (16 characters) key identifier of a public key.
Note:
This parameter is required only when you use publicKeyRingFile.
truststoreAlias
String Optional. Applies only to JCE. The alias for the truststore containing the public key and certificate.
certAlias
String Optional. Applies only to JCE. The alias identifying a particular trusted certificate within a truststore.
Note:
This parameter is required only when you use truststoreAlias.
encryptionAlgorithm
String The key encryption algorithm to use.
*For PGP, select one of the following symmetric key encryption algorithms:
  *AES_192
  *AES_256
  *BLOWFISH
  *IDEA
  *TRIPLE_DES
  *TWOFISH
  The default value is AES_256.
*For JCE, select RSA (asymmetric key encryption algorithm).
cipher
String Optional. Applies only to JCE. The cipher for encryption. Select one of the following:
*RSA
*RSA/ECB/PKCS1Padding
*RSA/ECB/OAEPWithSHA-1AndMGF1Padding
*RSA/ECB/OAEPWithSHA-256AndMGF1Padding
*RSA/ECB/OAEPWithSHA-512AndMGF1Padding
*RSA/ECB/OAEPPadding
The default value is RSA.
Output Parameters
stream
java.io.OutputStream Conditional. Encrypted data as an output stream. Returned when the loadAs input parameter is set to stream.
bytes
byte[ ] Conditional. Encrypted data as bytes. Returned when the loadAs input parameter is set to bytes.
string
String Conditional. Encrypted data as a string in the ASCII-armored format. Returned when the loadAs input parameter is set to string.
status
String Indicates whether the data is successfully encrypted or not. If successful, status is success. Otherwise, status contains failure along with an error message.
Usage Notes
For PGP, consider the following points:
*Before encrypted data is exchanged between Integration Server and an external system, the external system must share its public key. The service accepts multiple public keys to encrypt the same data for many users.
*The public key is passed to the pub.security:encrypt service, which returns the encrypted data to Integration Server.
*To encrypt the data for multiple users, provide the users' public keys to the service as a list of byte arrays, strings, or a keyring file. If you provide a keyring file, you must also provide the public key aliases.
*The service supports a data file of size up to 2 GB when the memory allocated to Integration Server is 10 GB or more.
*Authentication keys used in this service must be in the PGP format and generated using the RSA encryption algorithm.
Note:
Authentication keys in the .ecc format are not supported for PGP.
For JCE, consider the following points:
*You can encrypt the data for a single user only. Provide the public key to the service as a list of byte array, string, or truststoreAlias. If you provide truststoreAlias, you must also provide certAlias.
*The service supports a maximum data size that depends on the key size.
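The size limit in the last point can be made concrete for the cipher values listed above. The following is an added example, not code from the product documentation: it runs against the JDK's default JCE provider rather than Integration Server, and it assumes that provider's behaviour for the bare RSA and RSA/ECB/OAEPPadding names (PKCS#1 v1.5 padding and a SHA-1 digest, respectively). The class and method names are illustrative.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;

// Added example: probes the JDK's default JCE provider, not Integration Server itself.
public class RsaPlaintextLimit {

    // Padding overhead in bytes for each cipher value listed on this page.
    // PKCS#1 v1.5 costs 11 bytes; OAEP costs 2*hLen + 2 (hLen = OAEP digest length).
    static Map<String, Integer> overheads() {
        Map<String, Integer> m = new LinkedHashMap<>();
        m.put("RSA", 11); // assumption: the JDK provider maps this to PKCS1Padding
        m.put("RSA/ECB/PKCS1Padding", 11);
        m.put("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", 2 * 20 + 2);
        m.put("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", 2 * 32 + 2);
        m.put("RSA/ECB/OAEPWithSHA-512AndMGF1Padding", 2 * 64 + 2);
        m.put("RSA/ECB/OAEPPadding", 2 * 20 + 2); // assumption: JDK default digest is SHA-1
        return m;
    }

    // True if the provider accepts a plaintext of len bytes under this transformation.
    static boolean fits(String transformation, KeyPair kp, int len) throws Exception {
        Cipher c = Cipher.getInstance(transformation);
        c.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        try {
            c.doFinal(new byte[len]);
            return true;
        } catch (IllegalBlockSizeException e) {
            return false; // input is larger than one RSA block can carry
        }
    }

    public static void main(String[] args) throws Exception {
        for (int bits : new int[] {2048, 3072}) {
            KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
            g.initialize(bits);
            KeyPair kp = g.generateKeyPair(); // throwaway key, generated for the demo
            for (Map.Entry<String, Integer> e : overheads().entrySet()) {
                int max = bits / 8 - e.getValue();
                boolean ok = fits(e.getKey(), kp, max) && !fits(e.getKey(), kp, max + 1);
                System.out.printf("%d-bit %-40s max %3d bytes, confirmed=%b%n",
                        bits, e.getKey(), max, ok);
            }
        }
    }
}
```

With a 2048-bit key the largest accepted input ranges from 245 bytes under PKCS#1 v1.5 padding down to 126 bytes under OAEP with SHA-512.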