GPG encryption allows you to protect your data using a system of public-private keys pairs that follow the OpenPGP specification.
Once implemented, you can have incoming data decrypted and outgoing data encrypted before transfer occurs, to ensure that they will not be accessed by anyone without a valid matching key pair.
To implement GPG encryption with Campaign, GPG keys must be installed and/or generated on a marketing instance by an Administrator user directly from the Control Panel.
You will then be able to:
Encrypt sent data: Adobe Campaign sends data out after encrypting it with the installed public key.
Decrypt incoming data: Adobe Campaign receives data that has been encrypted from an outside system using a public key downloaded from the Control Panel. Adobe Campaign decrypts the data using a private key that is generated from the Control Panel.
Control Panel allows you to encrypt data coming out from your Adobe Campaign instance.
To do this, you need to generate a GPG key pair from a PGP encryption tool, then install the public key into Control Panel. You will then be able to encrypt data before sending it from you instance. To do this, follow the steps below.
Generate a public/private key pair using a PGP encryption tool following the OpenPGP specification. To do this, install a GPG utility or GNuGP software.
Open source free software to generate keys is available. However, make sure you follow the guidelines of your organization and use the GPG utility recommended by your IT/Security organization.
Once the utility is installed, run the command below, in Mac Terminal or Windows command.
When prompted, specify the desired parameters for your key. Required parameters are:
Once confirmed, the script will generate a key with its associated fingerprint, that you can export into a file, or paste directly into the Control Panel. To export the file, run this command followed by the fingerprint of the key that you generated.
gpg -a --export <fingerprint>
To install the public key into Control Panel, open the Instance settings card, then select the GPG keys tab and the desired instance.
Click the Install Key button.
Paste the public key that has been generated from your PGP encryption tool. You can also directly drag and drop the public key file that you exported.
The public key should be in the OpenPGP format.
Click the Install Key button.
Once the public key is installed, it displays in the list. You can use the … button to download it or copy its fingerprint.
The key is then available for use in Adobe Campaign workflows. You can use it to encrypt data when using data extraction activities.
For more on this topic, refer to Adobe Campaign documentation:
Control Panel allows you to decrypt external data coming into your Adobe Campaign instances.
To do this, you need to generate a GPG key pair directly from the Control Panel.
To generate a key pair in Control Panel, follow these steps:
Open the Instance settings card, then select the GPG keys tab and the desired Adobe Campaign instance.
Click the Generate Key button.
Specify the name of the key, then click Generate Key. This name will help you identify the key to use for decryption in Campaign workflows
Once the key pair is generated, the public key displays in the list. Note that decryption key pairs are generated with no expiration date.
You can use the … button to download the public key or copy its fingerprint.
The pubic key is then available to be shared with any external system. Adobe Campaign will be able to use the private key in data loading activities to decrypt data that has been encrypted with the public key.
For more on this, refer to Adobe Campaign documentation:
To access GPG keys installed and generated for your instances, open the Instance settings card, then select the GPG keys tab.
The list displays all encryption and decryption GPG keys that have been installed and generated for your instances with detailed information on each key:
Name: The name that has been defined when installing or generating the key.
Use case: This column specifies the key’s use case:
: The key has been installed for data encryption.
: The key has been generated to allow data decryption.
Fingerprint: the fingerprint of the key.
Expires: The key’s expiration date. Note that Control Panel will provide visual indications as the key approaches its expiry date:
Note that no email notification will be sent by Control Panel.
As a best practice, we recommend that you remove any key that you do not need anymore. To do this, click the … button then select Delete Key..
Before removing a key, make sure that it is not used in any Adobe Campaign workflow to prevent them from failing.