GPG keys management

About GPG encryption

GPG encryption allows you to protect your data using a system of public-private key pairs that follow the OpenPGP specification.

Once implemented, you can have incoming data decrypted and outgoing data encrypted before transfer occurs, to ensure that the data cannot be accessed by anyone without a valid matching key pair.

Discover this feature in video using Campaign Classic or Campaign Standard

To implement GPG encryption with Campaign, GPG keys must be installed and/or generated on a marketing instance by an Administrator user directly from the Control Panel.

You will then be able to:

  • Encrypt sent data: Adobe Campaign sends data out after encrypting it with the installed public key.

  • Decrypt incoming data: Adobe Campaign receives data that has been encrypted from an outside system using a public key downloaded from the Control Panel. Adobe Campaign decrypts the data using a private key that is generated from the Control Panel.

Encrypting data

Control Panel allows you to encrypt data coming out from your Adobe Campaign instance.

To do this, you need to generate a GPG key pair from a PGP encryption tool, then install the public key into Control Panel. You will then be able to encrypt data before sending it from your instance. Follow the steps below.

Discover how to generate and install GPG keys in video using Campaign Classic or Campaign Standard

  1. Generate a public/private key pair using a PGP encryption tool following the OpenPGP specification. To do this, install a GPG utility or GnuPG software.

    NOTE

    Open source free software to generate keys is available. However, make sure you follow the guidelines of your organization and use the GPG utility recommended by your IT/Security organization.

  2. Once the utility is installed, run the command below in the Mac Terminal or the Windows command prompt.

    gpg --full-generate-key

  3. When prompted, specify the desired parameters for your key. Required parameters are:

    • key type: RSA
    • key length: 1024 - 4096 bits
    • real name and email address: Allows you to track who created the key pair. Enter a name and email address linked to your organization or department.
    • comment: adding a label to the comment field will help you easily identify the key to use to encrypt your data.
    • expiration: Date or “0” for no expiration date.
    • passphrase

  4. Once confirmed, the script will generate a key with its associated fingerprint, that you can export into a file, or paste directly into the Control Panel. To export the file, run this command followed by the fingerprint of the key that you generated.

    gpg -a --export <fingerprint>

  5. To install the public key into Control Panel, open the Instance settings card, then select the GPG keys tab and the desired instance.

  6. Click the Install Key button.

  7. Paste the public key that has been generated from your PGP encryption tool. You can also directly drag and drop the public key file that you exported.

    NOTE

    The public key should be in the OpenPGP format.

  8. Click the Install Key button.

Once the public key is installed, it displays in the list. You can use the button to download it or copy its fingerprint.

The key is then available for use in Adobe Campaign workflows. You can use it to encrypt data when using data extraction activities.

Discover how to encrypt data in video using Campaign Classic or Campaign Standard

For more on this topic, refer to Adobe Campaign documentation:

Campaign Classic:

Campaign Standard:

Decrypting data

Control Panel allows you to decrypt external data coming into your Adobe Campaign instances.

To do this, you need to generate a GPG key pair directly from the Control Panel.

  • The public key will be shared with the external system, which will use it to encrypt the data to send to Campaign.
  • The private key will be used by Campaign to decrypt the incoming encrypted data.

Discover this feature in video using Campaign Classic or Campaign Standard

To generate a key pair in Control Panel, follow these steps:

  1. Open the Instance settings card, then select the GPG keys tab and the desired Adobe Campaign instance.

  2. Click the Generate Key button.

  3. Specify the name of the key, then click Generate Key. This name will help you identify the key to use for decryption in Campaign workflows.

Once the key pair is generated, the public key displays in the list. Note that decryption key pairs are generated with no expiration date.

You can use the button to download the public key or copy its fingerprint.

The public key is then available to be shared with any external system. Adobe Campaign will be able to use the private key in data loading activities to decrypt data that has been encrypted with the public key.

For more on this, refer to Adobe Campaign documentation:

Campaign Classic:

Campaign Standard:

Monitoring GPG keys

To access GPG keys installed and generated for your instances, open the Instance settings card, then select the GPG keys tab.

The list displays all encryption and decryption GPG keys that have been installed and generated for your instances with detailed information on each key:

  • Name: The name that has been defined when installing or generating the key.

  • Use case: This column specifies the key’s use case:

    : The key has been installed for data encryption.

    : The key has been generated to allow data decryption.

  • Fingerprint: the fingerprint of the key.

  • Expires: The key’s expiration date. Note that Control Panel will provide visual indications as the key approaches its expiry date:

    • Urgent (red) is shown 30 days before.
    • Warning (yellow) is shown 60 days before.
    • An “Expired” red banner will display once a key expires.

    NOTE

    Note that no email notification will be sent by Control Panel.
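
Control Panel sends no email notification, so expiry has to be tracked outside it. As an added example (not Adobe's code), the shell function below reads `gpg --with-colons` output, applies the 30/60-day thresholds listed above, and also checks the parameters this page requires for an encryption key (RSA, 1024 - 4096 bits, public key only) before it is installed. The function names, verdict labels, sample records and the file name `pubkey.asc` are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Reads `gpg --with-colons` records on stdin and prints, per primary key:
#   <fingerprint> <bits> <verdict> <days-left>
# Colon fields used: 1 record type, 3 key length, 4 algorithm (1 = RSA),
# 7 expiry in epoch seconds (empty = never), 10 fingerprint on "fpr" records.
gpg_key_report() {
    now="${1:-$(date +%s)}"   # optional argument: "now" as epoch seconds
    awk -F: -v now="$now" '
        $1 == "pub" || $1 == "sec" { kind = $1; bits = $3 + 0; algo = $4 + 0; expiry = $7; primary = 1; next }
        $1 == "sub" || $1 == "ssb" { primary = 0; next }   # skip subkey fingerprints
        $1 == "fpr" && primary {
            primary = 0; days = "-"
            if (kind == "sec")                    verdict = "REJECT_SECRET_KEY"
            else if (algo != 1)                   verdict = "REJECT_NOT_RSA"
            else if (bits < 1024 || bits > 4096)  verdict = "REJECT_KEY_LENGTH"
            else if (expiry == "")                verdict = "OK_NO_EXPIRY"
            else {
                days = int((expiry - now) / 86400)
                if (expiry + 0 <= now + 0) verdict = "EXPIRED"
                else if (days <= 30)       verdict = "URGENT"    # red in Control Panel
                else if (days <= 60)       verdict = "WARNING"   # yellow in Control Panel
                else                       verdict = "OK"
            }
            print $10, bits, verdict, days
        }'
}

# Constructed sample records (not real keys); expiry dates are relative to epoch 1700000000.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:AAAA0000AAAA1111:1690000000:1701728000::u:::scESC:
fpr:::::::::AAAA0000AAAA0000AAAA0000AAAA0000AAAA1111:
uid:u::::1690000000::::Marketing Ops (campaign-export) <ops@example.com>:
sub:u:4096:1:BBBB0000BBBB2222:1690000000:1701728000:::::e:
fpr:::::::::BBBB0000BBBB0000BBBB0000BBBB0000BBBB2222:
pub:u:2048:1:CCCC0000CCCC3333:1690000000:1703888000::u:::scESC:
fpr:::::::::CCCC0000CCCC0000CCCC0000CCCC0000CCCC3333:
pub:u:4096:1:DDDD0000DDDD4444:1690000000:::u:::scESC:
fpr:::::::::DDDD0000DDDD0000DDDD0000DDDD0000DDDD4444:
sec:u:4096:1:EEEE0000EEEE5555:1690000000:::u:::scESC:
fpr:::::::::EEEE0000EEEE0000EEEE0000EEEE0000EEEE5555:
EOF
}

# Real input (pubkey.asc is a hypothetical file name for the exported key):
#   gpg --show-keys --with-colons pubkey.asc | gpg_key_report
#   gpg --list-keys --with-colons | gpg_key_report
sample_listing | gpg_key_report 1700000000
```

The fingerprint in the first column is the value to compare with the Fingerprint column in Control Panel; a `REJECT_SECRET_KEY` verdict means the file holds private key material and must not be pasted into the Install Key dialog.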

As a best practice, we recommend that you remove any key that you do not need anymore. To do this, click the button then select Delete Key.

IMPORTANT

Before removing a key, make sure that it is not used in any Adobe Campaign workflow, to prevent the workflow from failing.
