AnsweredAssumed Answered

PGP Encryption not working when deployed to sub account via Integration Pack

Question asked by minh.nguyen700721 on Dec 12, 2016
Latest reply on Feb 19, 2018 by dcollins724067

Hello,

 

I have a process which exposes an API to take in some data (document), encrypts it using PGP and sends it to an SFTP connector. See example below:

Process Example

When deployed to an atom under our master account, this process works as expected, encrypting the file to the SFTP successfully. However, when deployed to a an atom under a sub-account via Integration Pack with a default PGP Certificate, the process is unable to encrypt the document. In the logs I see this error: 

com.boomi.process.ProcessException: Error executing data process
at com.boomi.process.shape.DataProcessShape.execute(DataProcessShape.java:52)
at com.boomi.process.graph.ProcessShape.executeShape(ProcessShape.java:550)
at com.boomi.process.graph.ProcessGraph.executeShape(ProcessGraph.java:488)
at com.boomi.process.graph.ProcessGraph.executeNextShapes(ProcessGraph.java:572)
at com.boomi.process.graph.ProcessGraph.executeShape(ProcessGraph.java:509)
at com.boomi.process.graph.ProcessGraph.executeNextShapes(ProcessGraph.java:572)
at com.boomi.process.graph.ProcessGraph.executeShape(ProcessGraph.java:509)
at com.boomi.process.graph.ProcessGraph.executeNextShapes(ProcessGraph.java:572)
at com.boomi.process.graph.ProcessGraph.execute(ProcessGraph.java:307)
at com.boomi.process.ProcessExecution.call(ProcessExecution.java:783)
at com.boomi.execution.ExecutionTask.call(ExecutionTask.java:918)
at com.boomi.execution.ExecutionTask.call(ExecutionTask.java:61)
at com.boomi.util.concurrent.CancellableFutureTask.run(CancellableFutureTask.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalStateException: Error decrypting password.
at com.boomi.container.config.ContainerCryptoUtil.decrypt(ContainerCryptoUtil.java:210)
at com.boomi.container.config.ContainerCryptoUtil.access$500(ContainerCryptoUtil.java:31)
at com.boomi.container.config.ContainerCryptoUtil$CryptoContext.decrypt(ContainerCryptoUtil.java:331)
at com.boomi.document.pgp.PGPEncryptDocumentHandler.initialize(PGPEncryptDocumentHandler.java:131)
at com.boomi.document.factory.DocumentExecutorFactory.getDocumentExecutor(DocumentExecutorFactory.java:129)
at com.boomi.document.util.DataProcessExecutor.executeStep(DataProcessExecutor.java:101)
at com.boomi.document.util.DataProcessExecutor.executeDataProcess(DataProcessExecutor.java:65)
at com.boomi.process.shape.DataProcessShape.execute(DataProcessShape.java:50)
... 15 more
Caused by: javax.crypto.BadPaddingException: Decryption error
at sun.security.rsa.RSAPadding.unpadOAEP(RSAPadding.java:499)
at sun.security.rsa.RSAPadding.unpad(RSAPadding.java:293)
at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:363)
at com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:389)
at javax.crypto.Cipher.doFinal(Cipher.java:2223)
at com.boomi.util.crypto.CryptoUtil.processInChunk(CryptoUtil.java:154)
at com.boomi.util.crypto.CryptoUtil.rsa1024DecryptString(CryptoUtil.java:136)
at com.boomi.container.config.ContainerCryptoUtil.decrypt(ContainerCryptoUtil.java:201)
... 22 more

I thought that maybe I had to make the PGP Certificate extensible on the Atom which is using the Integration Pack, so I copied the certificate from the Master account to the sub-account and extended it in the extensions, but there was no success. 

 

Is there a special way in which encryption should be used (or using the PGP Certificate) when deploying to a sub-account via Integration Pack? or is this a bug?

 

Thanks,

Minh Nguyen

Outcomes