With the ever-growing need for external and cloud-based integration, I’ve seen more and more need for PGP encryption/decryption. As neither DataPower nor Message Broker explicitly supports PGP as part of its processing, we’ve come up with a ‘workaround’ using GPG – AIX’s open-source PGP tool:
http://www.ibm.com/developerworks/aix/library/au-gnupg/
The script below combines MQ (for triggering and basic queuing) with GPG for decryption: it reads any encrypted message from a queue and decrypts it using GPG. As all of IBM’s ESBs support MQ, the script is interoperable with all of them. I would, however, recommend MQFTE if you’re looking for a truly fault-tolerant solution, as the script below does not have ‘restart’ capabilities if there’s a system failure.
#!/bin/sh
# Written by Jaypal Reddy Kalagiri on March 5 2013
# This script gets messages from the queue to a file using the MA01 SupportPac,
# decrypts the file using gpg2, and then puts the result on another queue using the same MA01 tool
PASSPATH=/WBIDATA/MB01/scripts
FPATH=/WBIDATA/MB01/scripts
FINAL_FPATH=/WBIDATA/MB01/scripts
PGPFILE=/home/wbiuser/scripts/pgp
DSTAMP=`date +"%d%m%Y%H%M%S"`
i=1
FName=Orders_${DSTAMP}_$$_$i.asc
INPUT_Q=TEST
OUTPUT_Q=TEST_OUTPUT
QMGR=QMBRKDEV01
# Get the first message from the input queue into a file
"$FPATH/q" -m "${QMGR}" -I"${INPUT_Q}" -L 1 -F "$PGPFILE/$FName"
MQCode=$?
while [ "$MQCode" -eq 0 ] && [ -s "$PGPFILE/$FName" ]; do
    # The redirect creates the .xml file even when gpg2 fails, so check gpg2's
    # exit status and that the output is non-empty before forwarding it
    if gpg2 --batch --passphrase-file "$PASSPATH/.passf" --decrypt "$PGPFILE/$FName" > "$FINAL_FPATH/$FName.xml" \
        && [ -s "$FINAL_FPATH/$FName.xml" ]; then
        "$FPATH/q" -m "${QMGR}" -O"${OUTPUT_Q}" -F "$FINAL_FPATH/$FName.xml"
    fi
    # Get the next message into a new, uniquely numbered file
    i=`expr $i + 1`
    FName=Orders_${DSTAMP}_$$_$i.asc
    "$FPATH/q" -m "${QMGR}" -I"${INPUT_Q}" -L 1 -F "$PGPFILE/$FName"
    MQCode=$?
done
rm -f "$PGPFILE/$FName" # This is to remove the last blank file that it creates under the $PGPFILE path
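A hardened form of the decrypt-and-forward step, as an added example that is not the original author's script: plaintext goes to a private temporary file that is always removed, and a message that fails to decrypt or forward is moved to a quarantine directory instead of being lost. The names process_message, decrypt_file, put_message, WORK_DIR and QUARANTINE_DIR are hypothetical, and mktemp is assumed to be available on the host.

```shell
#!/bin/sh
# Added example, not the original author's code. Paths reuse the page's values;
# WORK_DIR and QUARANTINE_DIR are hypothetical locations chosen for illustration.
PASSPATH=${PASSPATH:-/WBIDATA/MB01/scripts}
FPATH=${FPATH:-/WBIDATA/MB01/scripts}
QMGR=${QMGR:-QMBRKDEV01}
OUTPUT_Q=${OUTPUT_Q:-TEST_OUTPUT}
WORK_DIR=${WORK_DIR:-$HOME/pgp_work}            # should be a directory only this user can read
QUARANTINE_DIR=${QUARANTINE_DIR:-$HOME/pgp_failed}

# $1 = ciphertext file, $2 = plaintext destination (same gpg2 call as the page's script)
decrypt_file() {
    gpg2 --batch --passphrase-file "$PASSPATH/.passf" --decrypt "$1" > "$2"
}

# $1 = file to put on the output queue with the MA01 q utility
put_message() {
    "$FPATH/q" -m "$QMGR" -O"$OUTPUT_Q" -F "$1"
}

# Returns 0 = forwarded, 1 = decrypt failed, 2 = put failed, 3 = no temp file.
# On 1 or 2 the ciphertext is kept in QUARANTINE_DIR so it can be replayed.
process_message() {
    enc=$1
    old_umask=$(umask)
    umask 077                                   # plaintext readable by owner only
    plain=$(mktemp "$WORK_DIR/plain.XXXXXX") || { umask "$old_umask"; return 3; }
    umask "$old_umask"
    rc=0
    if ! decrypt_file "$enc" "$plain" || [ ! -s "$plain" ]; then
        rc=1                                    # bad key, bad passphrase, or corrupt input
    elif ! put_message "$plain"; then
        rc=2                                    # decrypted, but the queue put failed
    fi
    rm -f "$plain"                              # never leave decrypted data on disk
    if [ "$rc" -eq 0 ]; then
        rm -f "$enc"
    else
        mkdir -p "$QUARANTINE_DIR" && mv "$enc" "$QUARANTINE_DIR/"
    fi
    return "$rc"
}
```

In the loop above, the call would be process_message "$PGPFILE/$FName" in place of the gpg2 and q lines, with a non-zero return logged for an operator to replay the quarantined file.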