PGP Template Management
Control-M MFT transfers can integrate with your PGP application, which enables you to encrypt or decrypt files on a local computer before or after a transfer.
-
To enable PGP integration into Control-M MFT, you must have a PGP application, which supports batch command line operations, installed on the local computer.
-
To execute PGP commands, at least one of the endpoints in the job definition must be a File System connection profile.
-
(Windows only)The user defined in the File System connection profile must have Log on as a batch job policy in the Local Security Policy window.
To create a PGP template, see Creating a PGP Template
Creating a PGP Template
This procedure describes how to create a PGP template, which can be used to define PGP commands in the properties pane.
BMC recommends that you use one of the pre-defined GnuPG or PGP templates supplied by Control-M MFT, which define the command line parameters for these PGP applications.
Begin
-
From the icon, select Configuration.
-
From the drop-down list, select Plug-ins.
The Plug-ins tab appears.
-
Select the File Transfer plug-in.
-
From the Configuration drop-down list, select PGP templates management.
The PGP templates management pane appears.
-
Click .
The PGP template details pane appears.
-
For each field, type the required value, as described in PGP Template Parameters.
-
Click OK.
The PGP template appears in the PGP templates management pane.
PGP Template Parameters
The following table lists the PGP template parameters.
Parameter |
Description |
---|---|
Template Name |
Defines the name of the PGP template (30 characters maximum length). |
PGP Executable Full Path |
Defines the location and name of the executable file for the PGP application |
Exit Code |
Defines the code of a successful PGP operation |
Recipient |
Determines the name of the recipient that is defined in the encrypt command |
Passphrase |
Defines the passphrase that is used to decrypt the file |
Encryption/Decryption Parameters |
Defines the PGP command line parameters for encryption or decryption. The following variables can be used: $$PGP_PASSPHRASE$$: Determines the passphrase that is defined in the Passphrase field. This provides additional security as you do not have to write the passphrase in the PGP command. $$PGP_RECIPIENT$$: Determines the recipient name that is defined the Recipient field. $$PGP_INPUT_FILE$$: Determines the name of the file to encrypt/decrypt $$PGP_OUTPUT_FILE$$: Determines the name and the location of the encrypted/decrypted file. You need to use this variable with the output option of your PGP application. You must use both $$PGP_INPUT_FILE$$ and $$PGP_OUTPUT_FILE$$ when defining a PGP template, otherwise Control-M MFT fails to complete the PGP operation. There are 2 predefined read-only templates, GnuPG_TEMPLATE and PGP_TEMPLATE, for the GnuPG and PGP utilities respectively. You can duplicate a template and modify it according to your needs. Encrypt GnuPG: -e -r $$PGP_RECIPIENT$$ -o $$PGP_OUTPUT_FILE$$ $$PGP_INPUT_FILE$$ Decrypt GnuPG: -d --batch --passphrase $$PGP_PASSPHRASE$$ -o $$PGP_OUTPUT_FILE$$ $$PGP_INPUT_FILE$$ |