We have a problem statement of sending encrypted files & digitally signed with PGP keys files to SFTP from Dynamics 365 for Operations. We don't have any on-premise server and are entirely hosted on cloud. Now we are trying to encrypt files using PGP keys but are not able to, as that software or signing is hosted on Dev VM now but will not be available during Production.

Here is my analysis:

1. Using GPA interface, where we manually need to select a file and use the option sign and encrypt. So this option will not work for us, as all the files will be moved to SFTP automatically with no manual intervention applied.
2. Create a Bat file and use the command prompt manually to execute the Bat for the particular file. This option also can't be achieved if we don't have an on-premise server, as we need to place this Bat file to execute it.

Can someone suggest how to proceed on encryption and signing the files with PGP keys for payload security?
D365FO has excellent capabilities to integrate third-party DLLs, or you could build your own code in Visual Studio yourself.
We did an AES Rijndael implementation for encrypting our passwords and sensitive data. Also we have created an FTP wrapper in C# and just use that for uploading our master data and inventory levels to a custom solution provider who does master planning for us outside of AX.
Have a look at this, or pretty much any C# implementation of PGP signatures:
You just need to give specifications/requirements to your developer, let him work on it for a couple of days, and then it should be available for use.
We don't have any middleware to run this process of encryption and digital signing from a Cloud VM. Where can I host my PGP application for signing the file and for encryption? Can you provide some blog using PGP key encryption?
The application to run your logic is Dynamics 365 for Operations itself; you don't need any middleware (unless you have some extra requirements that you didn't mention).
What do you mean by "some blog using pgp key encryption"? Did you check the StackOverflow thread linked above?
My goal was to point you in a direction and confirm that this is indeed possible. I will not be able to provide an exact solution, you need to come up with your own design and implementation as per your requirements.
I have no idea why you would need a middle tier when you can place all logic in AX, again, using DLLs.
All that you need for the implementation has already been linked earlier.
I checked the StackOverflow blog which covers signing the file using PGP keys. But my question is where to host that GPA application / WinSCP from where you are generating your keys and storing them. For the Prod scenario, there won't be any VM, nor have we procured any middleware server to host the application. As I mentioned in an earlier post, we are generating vendor payment files and sending them to the bank SFTP. Now the requirement is to send these files encrypted with an SSH key, and the files should be signed as well.
Now we are facing a challenge in the file encryption itself using the SSH key. The keys generated from the above-mentioned application need to be kept in a particular folder and the code should read them.
Nothing stops you from putting the Visual Studio C# Project inside AX, and calling it from there, that is why we do not understand why do you want a middleware. They suggest using specific VS libraries for doing the encryption itself, I do not see any requirements for middleware. If the library wants to use files, pick a different library where you can feed keys as string, which for example you could store in an AX table.
Let me try out C# code to feed keys from an AX table. I hope this will help. Will update my findings soon.
Thanks for the inputs.
I was trying to implement what you have mentioned, but below are my queries. If you could answer, it would be really helpful for me.
1) How to keep the PGP key file in a DB table? For that we need to get the stream of that file and convert it into a blob image so as to store it in an AX field. So how to convert from stream to blob image, or how to store it in a string field?
Hi Martin,
Per your suggestion, I am able to do encryption & signing of the file, but I have posted a few more queries now. Please take a look.
Binary data can be stored in many ways; there are a lot of conversion classes available in C# which you could use in AX as well by accessing them through the System namespace. The way I would probably do it is to store it in base64, or as a hexadecimal string. You can look up these conversions using a search engine and get a lot of solutions back.
We typically store binary files such as images and encryption keys in base64 within our AX 2012 environment.
If you want to use a blob, create a container table field (which creates a blob in the database) and then use the Binary class (constructFromMemoryStream() and getContainer()) to convert the stream to a container.
Using your suggestions, I am able to encrypt the file and the .asc extension is getting generated; the file is also transmitted to SFTP. But when the bank ran their program to decrypt the same file from SFTP, it is failing with an invalid key error.
Bank has shared one public key to us which we are using for signing. We have generated a private key pair from Putty generator, of which the private key is used by us and the corresponding public key we have shared with the bank so that they can view the file. Using the bank public key for PGP encryption, we used the GPA tool to generate the key string, and all these 3 values we are storing in a table for file transmission.
When we were doing the above, the GPG tool was creating one more key called the secring key (on top of the bank key), which helps to identify the sign part.
Now this particular key value is going to null every time and the bank is getting the below error at their side.
Error log:

PGP validation failure: Error message: Edge Command Output:
edge - Encrypted Data Gateway Engine Version 18.104.22.168
Copyright (C) 2002-2015 Authora Inc.
Decrypting file:
Cipher file: .NACHA.CCD_US01-000076_08092017_15.01.20.asc.4813273.20170809110124375
File has signature. Public key needed to verify signature. Public key not found (id=0xD53C04C0).
File has signature. Public key needed to verify signature. Public key not found (id=0xD53C04C0).
Edge Error: *** Bad signature (err=1) ***

We have PGP key installed with id(0x3DA433AE) but you are using a different PGP key with id(0xD53C04C0) to sign the file.
Please use the correct PGP key to sign the file and send the file again.

Could you please help here on how to proceed?
Your description is confusing. You say that you use the bank public key for signing ("Bank has shared one public key to us which we are using for signing"), which makes little sense, and also for encryption ("Using bank public key for PGP encryption"). Then you also generated a new pair of keys, but it's not clear why.
The error message is about a signature, not encryption. It says that the file is signed with an unknown key ("Public key not found (id=0xD53C04C0)").
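A pre-send check for the mismatch in the log above, as an added example that is not part of the original thread: it loads a secret key stored as base64 text (as suggested earlier for keeping keys in an AX table) and refuses to proceed unless its short key ID is the one the partner reports having installed. It assumes the Bouncy Castle C# OpenPGP classes; `SigningKeyCheck`, its method names and the `expectedShortId` parameter are hypothetical.

```csharp
using System;
using System.IO;
using Org.BouncyCastle.Bcpg.OpenPgp;

// Added example, not code from the thread. Assumes the Bouncy Castle C# OpenPGP API
// and a secret key export stored as base64 text (e.g. in a table string field).
public static class SigningKeyCheck
{
    // Decode the stored base64 text and return the first key usable for signing.
    public static PgpSecretKey LoadSigningKey(string base64Key)
    {
        byte[] raw = Convert.FromBase64String(base64Key);
        // GetDecoderStream accepts both ASCII-armored and binary key exports.
        using (Stream input = PgpUtilities.GetDecoderStream(new MemoryStream(raw)))
        {
            var bundle = new PgpSecretKeyRingBundle(input);
            foreach (PgpSecretKeyRing ring in bundle.GetKeyRings())
                foreach (PgpSecretKey key in ring.GetSecretKeys())
                    if (key.IsSigningKey)
                        return key;
        }
        throw new InvalidOperationException(
            "No signing-capable secret key found in the stored key data.");
    }

    // Short key ID in the form the partner's log prints it:
    // the low 32 bits of the 64-bit OpenPGP key ID, as 8 hex digits.
    public static string ShortKeyId(long keyId)
    {
        return "0x" + ((uint)(keyId & 0xFFFFFFFFL)).ToString("X8");
    }

    // Refuse to sign unless the stored key is the one the partner has installed.
    // expectedShortId (hypothetical parameter) is the ID the partner reports
    // for the public key they hold for verifying your signatures.
    public static PgpSecretKey RequireExpectedKey(string base64Key, string expectedShortId)
    {
        PgpSecretKey key = LoadSigningKey(base64Key);
        string actual = ShortKeyId(key.KeyId);
        if (!string.Equals(actual, expectedShortId, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException(
                "Signing key " + actual + " does not match partner-registered key "
                + expectedShortId + "; the signature would fail verification.");
        return key;
    }
}
```

Reading the key ID does not require the passphrase; the passphrase is needed only later, when the private key is extracted for signing.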
Issue solved. Yes, it was related to the signature.
We generated a new PGP key pair and are using the private PGP string for signing the file. Shared the corresponding public key with the bank and they are able to identify the signing part. Now since there is no on-prem, we are saving all these key strings in an AX table and using these values in code.
I am hoping that if we move the same keys to Prod, it won't be an issue, but please suggest if anything is needed for a smooth Prod deployment.
Need one more suggestion: how to decrypt files coming from the bank through SFTP, like prior day statements. The file is encrypted with the public key which we provided to the bank earlier. I am not finding suitable code in the Bouncy Castle DLL as well. I am able to get the file from SFTP to a temp folder but am not finding a solution for decryption.