Troubleshooting PGP issues
When sending or receiving PGP encrypted files, the most common problem is mismatched PGP keys: the file was not encrypted with the public key that goes with the private key that decrypts it.
For imported files, the file should be encrypted with one of the Medallia public PGP keys. Using a decryption tool (like the GNU Privacy Guard gpg tool), try to decrypt the file. The decryption will fail, but the failure message will report the user ID of the public key. Medallia public keys include "Medallia" in the ID. If you do not see "Medallia" in the ID, the file was not encrypted with a Medallia public key.
Unexpected error: No such file or directory and No secret key
When first setting up and using PGP it is possible to see a "No such file or directory" error, similar to this:
In this scenario, contact Support for assistance in getting this set up on your instance. See Contact Medallia Support for help.
Incompatible encryption key warning
When exporting files, it is possible to see a warning message that begins:
Contact Support for guidance on what might be wrong with the key. Include the actual key itself in the request. See Contact Medallia Support for help.
Encryption failed: no suitable encryption key found
When first setting up and using PGP, it is possible to see an "incompatible encryption key set" error, similar to this:
This happens when the PGP-key-generation mechanism uses a non-best-practice approach to PGP key generation — like using keys without valid subkeys with the expected key flags — which may be flagged by our libraries.
Note that compatible keys have a subkey with an "encryption" usage flag:
Contact Support for guidance on what might be wrong with the key. See Contact Medallia Support for help.
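One way to check a key for the encryption-capable subkey described above before sharing it, as an added example (not Medallia code). It parses GnuPG's colon-delimited key listing; the sample listings, key IDs and the file name partner-key.asc are constructed placeholders, and it tests only the subkey and usage-flag condition named here, not any other check the receiving libraries may apply.

```shell
#!/bin/sh
# Added example (not Medallia code): checks a `gpg --with-colons` key listing
# for a usable subkey that carries the encryption ("e") usage flag.

# Print the key ID of each usable encryption-capable subkey read from stdin.
# Colon-format fields: 1=record type, 2=validity, 5=key ID, 12=capabilities.
# Validity e/r/i/d means expired, revoked, invalid or disabled.
encryption_subkeys() {
    awk -F: '$1 == "sub" && $12 ~ /e/ && $2 !~ /^[erid]$/ { print $5 }'
}

# Succeed (exit 0) when the listing on stdin has at least one such subkey.
has_encryption_subkey() {
    [ -n "$(encryption_subkeys)" ]
}

# Constructed sample listings; key IDs and user IDs are made up.
GOOD_KEY='pub:-:3072:1:AAAAAAAAAAAAAAA1:1700000000:::-:::scESC::::::23::0:
uid:-::::1700000000::::Example Sender <sender@example.invalid>::::::::::0:
sub:-:3072:1:BBBBBBBBBBBBBBB2:1700000000::::::e::::::23:'

SIGN_ONLY_KEY='pub:-:3072:1:CCCCCCCCCCCCCCC3:1700000000:::-:::scSC::::::23::0:
uid:-::::1700000000::::Example Signer <signer@example.invalid>::::::::::0:'

EXPIRED_SUBKEY='pub:-:3072:1:DDDDDDDDDDDDDDD4:1600000000:::-:::scSC::::::23::0:
uid:-::::1600000000::::Example Old <old@example.invalid>::::::::::0:
sub:e:3072:1:EEEEEEEEEEEEEEE5:1600000000:1650000000:::::e::::::23:'

# Report on one named listing.
report() {
    if printf '%s\n' "$2" | has_encryption_subkey; then
        echo "$1: usable encryption subkey found"
    else
        echo "$1: no usable encryption subkey"
    fi
}

report good "$GOOD_KEY"
report sign-only "$SIGN_ONLY_KEY"
report expired-subkey "$EXPIRED_SUBKEY"

# With GnuPG installed, check a real key file (partner-key.asc is a placeholder):
#   gpg --show-keys --with-colons partner-key.asc | has_encryption_subkey
```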
Decryption failed: format error in ASCII Armor file
When you share an encrypted file that (1) is encoded in ASCII Armor, (2) has blank contents when decrypted, and (3) has a format error in the ASCII Armor file, the decryption process fails, even though it would succeed if the file were not blank.
The key factors in this scenario are:
The blank contents
The format error
Do not send blank text files for testing purposes. Instead, send "this is a test" so we can see the contents of the file.
We recommend that you use PGP binary data encoding rather than the ASCII Armor encoding, as the binary data encoding is harder to misformat and is more storage-efficient.
Enhance SFTP security with passphrases
Although not all Experience Cloud modules require the use of passphrases for SFTP private keys, some do. Given that passphrases enhance security, we recommend using passphrases for all newly generated private keys and adding them to any pre-existing ones.