PGP 加密檔案PGP Encrypt File

重要

此版本的 Orchestrator 已達終止支援,建議您 升級至 Orchestrator 2019This version of Orchestrator has reached the end of support, we recommend you to upgrade to Orchestrator 2019.

「PGP 加密檔案」活動會使用您已建立的 PGP 金鑰檔案,將檔案或整個資料夾樹狀目錄加密。The PGP Encrypt File activity encrypts a file or an entire folder tree using a PGP key file that you have created. 加密整個資料夾時,資料夾樹狀目錄會從根資料夾向下保留。When encrypting an entire folder, the folder tree is preserved from the root folder down. 例如,如果您加密 C:\Documents and Settings\Administrator\My Documents\*.* 和所有子資料夾,則會加密 My Documents 中的所有檔案,以及 My Documents 底下資料夾中的所有檔案。For example, if you encrypt C:\Documents and Settings\Administrator\My Documents\*.* and all subfolders, all files in My Documents are encrypted as well as all files in folders under My Documents. 子資料夾中的所有檔案都會在輸出資料夾的相同子資料夾中。All files that are in subfolders will be in the same subfolder in the Output folder. 使用「PGP 加密檔案」活動來加密檔案,然後才加以備份。Use the PGP Encrypt File activity to encrypt files before backing them up.

若要使用此活動,您必須安裝 gpg 可執行檔。To use this activity, you must install the gpg executable.

重要

此活動支援 DSS 和 RSA4 金鑰。This activity supports DSS and RSA4 keys.
此活動不支援 RSA 金鑰。RSA keys are not supported by this activity.

安裝 GnuPGInstall GnuPG

GnuPG 是標準活動「PGP 加密檔案」和「PGP 解密檔案」用來加密和解密檔案的開放原始碼程式。GnuPG is an open-source program used by the standard activities PGP Encrypt file and PGP Decrypt file to encrypt and decrypt files. 下列程序描述如何在 Runbook 伺服器或執行 Runbook Designer 的電腦上安裝此可執行程式和相關聯的檔案。The following procedures describe how to install this executable program and associated file on a runbook server or computer that is running the Runbook Designer.

安裝 GnuPG 1.x 和 2.0.x 版Install GnuPG version 1.x and 2.0.x

使用下列步驟:Use the following steps:

  1. GnuPG 下載 gpg.exe 和 iconv.dll 1.4.10 版或更新版本。Download gpg.exe and iconv.dll, version 1.4.10 or later, from GnuPG.
  2. 儲存 gpg.exe 並 iconv.dll 至每部 runbook 伺服器上的 \Program Files (x86) \Common Files\Microsoft System Center <version> \Orchestrator\Extensions\Support\Encryption 資料夾,以及執行 Runbook Designer 的電腦。Save gpg.exe and iconv.dll to the :\Program Files (x86)\Common Files\Microsoft System Center <version>\Orchestrator\Extensions\Support\Encryption folder on each runbook server and computer that is running the Runbook Designer.

安裝 GnuPG 2.x 版Install GnuPG version 2.x

使用下列步驟:Use the following steps:

  1. GnuPG 下載 gpg.exe、gpg-agent.exe、iconv.dll、libassuan-0.dll、libgcrypt-20.dll、libgpg-error-0.dll、libnpth-0.dll、libsqlite3-0.dll 及 zlib1.dll 2.x 版或更新版本。Download gpg.exe, gpg-agent.exe, iconv.dll, libassuan-0.dll, libgcrypt-20.dll, libgpg-error-0.dll, libnpth-0.dll, libsqlite3-0.dll, and zlib1.dll version 2.x or later from GnuPG.

  2. 將 gpg.exe、gpg-agent.exe、iconv.dll、libassuan-0.dll、libgcrypt-20.dll、libgpg-error-0.dll、libnpth-0.dll、libsqlite3-0.dll 和 zlib1.dll 儲存到每部 runbook 伺服器上的: \Program files (x86) \Common files <Microsoft System Center Orchestrator <version> \Orchestrator\Extensions\Support\Encryption 資料夾,以及執行 Runbook Designer 的電腦。Save gpg.exe, gpg-agent.exe, iconv.dll, libassuan-0.dll, libgcrypt-20.dll, libgpg-error-0.dll, libnpth-0.dll, libsqlite3-0.dll and zlib1.dll to the :\Program Files(x86)\Common Files<Microsoft System Center Orchestrator <version>\Orchestrator\Extensions\Support\Encryption folder on each runbook server and computer that is running the Runbook Designer.

設定 PGP 加密檔案活動Configuring the PGP Encrypt File Activity

設定「PGP 加密檔案」活動之前,您需要決定下列各項:Before you configure the PGP Encrypt File activity, you need to determine the following:

  • 您要加密的檔案路徑。The path of the files that you want to encrypt.

  • 將儲存已加密檔案的輸出資料夾。The output folder where the encrypted files will be stored.

您可以使用下列資訊來設定「PGP 加密檔案」活動。Use the following information to configure the PGP Encrypt File activity.

詳細資料Details

設定Settings 組態指示Configuration Instructions
路徑Path 鍵入您要加密的檔案路徑。Type the path of the files that you want to encrypt. 您必須使用完整路徑名稱。You must use the full path name. 您可以使用萬用字元 ?You can use wildcards ? 和 * 指定您要加密的檔案。and * to specify the files that you want to encrypt. 此欄位只接受來自目前系統地區設定的字元。This field only accepts characters from the current system locale.
包含子目錄Include sub-directories 選取此選項,以在您指定於路徑中的資料夾下,在所有子資料夾裡找出符合所指定檔案名稱的所有檔案。Select this option to find all the files that match the filename that you specified in all the subfolders of the folder that you specified in the path.
輸出檔案夾Output folder 鍵入您要儲存已加密檔案的資料夾路徑。Type the path of the folder where you want the encrypted files to be stored.
SkipSkip 選取此選項,以在 [輸出資料夾] 中找到同名檔案時略過加密檔案。Select this option to skip encrypting a file when a file with the same name is found in the Output folder.
OverwriteOverwrite 選取此選項,以覆寫任何與所產生已加密檔案同名的檔案。Select this option to overwrite any files with same name as the resulting encrypted file.
建立唯一的名稱Create unique name 選取此選項,以在有同名檔案存在時,提供已加密檔案唯一的名稱。Select this option to give the encrypted file a unique name if a file with the same name already exists.
副檔名File extension 鍵入您想要附加至已加密檔案名稱的副檔名。Type the file name extension that you want to appended to the file name when it is encrypted. 預設副檔名是 gpg。The default extension is gpg.

進階Advanced

設定Settings 組態指示Configuration Instructions
金鑰檔案Key file 鍵入您將用來加密檔案的 PGP 金鑰檔案位置。Type the location of the PGP key file that you will use to encrypt the files. 如果您將此欄位保留空白,「PGP 加密檔案」活動會使用您在 Keyring 資料夾欄位中指定的檔案。If you leave this field blank, the PGP Encrypt File activity uses the file that you specify in the Keyring folder field. 檔案可以具有任何副檔名,但 *.asc 是標準。Files can have any file name extension, but *.asc is the standard.
Keyring 資料夾Keyring folder 鍵入資料夾的位置,資料夾內包含您將用來加密檔案的 keyring。Type the location of the folder that contains the keyring that you will use to encrypt the files. 公用 keyring 檔案 (*.pkr) 可能重新命名為 *.gpg 副檔名。The public keyring file (*.pkr) may be renamed with a *.gpg file name extension. 重要事項:「PGP 加密檔案」活動會在 keyring 資料夾中建立檔案。Important: The PGP Encrypt File activity creates files in the keyring folder. Orchestrator Runbook Service 帳戶或用來執行 Runbook 的使用者帳戶,需要讀取和寫入 keyring 資料夾的權限。The Orchestrator Runbook Service account, or the user account used to run the runbook, requires read and write permissions on the keyring folder.
UserUser 鍵入建立加密金鑰時所指定的使用者名稱。Type the user name that was specified when the encryption key was created. 這是必要的欄位。This is a required field.
註解Comment 鍵入建立加密金鑰時所指定的註解。Type the comment that was specified when the encryption key was created. 如果建立加密金鑰時已完成此欄位,使用此活動時必須提供這項資訊。If this field was completed when the encryption key was created, you must provide this information when using this activity.
電子郵件Email 鍵入建立加密金鑰時所指定的電子郵件地址。Type the email address that was specified when the encryption key was created. 這是必要的欄位。This is a required field.

已發佈資料Published Data

下表列出已發佈的資料項目。The following table lists the published data items.

ItemItem 描述Description
金鑰檔案Key file 用來加密檔案的金鑰檔案路徑。The path of the key file used to encrypt the files.
Keyring 資料夾Keyring folder Keyring 資料夾的路徑,資料夾內包含用來加密檔案的金鑰。The path of keyring folder that contains the key used to encrypt the files.
UserUser 用來加密檔案的使用者名稱。The name of the user that was used to encrypt the files.
註解Comment 用來加密檔案的註解。The comment that was used to encrypt the files.
電子郵件Email 用來加密檔案的電子郵件地址。The email address that was used to encrypt the files.
輸出資料夾Output folder 已加密檔案儲存所在資料夾的路徑。The path of the folder where the encrypted files were saved.
要加密的檔案Files to encrypt Orchestrator 嘗試加密的檔案數目。The number of files that Orchestrator attempted to encrypt.
已加密的檔案Files encrypted 已成功加密的檔案數目。The number of files that successfully encrypted.
加密的檔案名稱Encrypted filename 所產生已加密檔案的路徑。The path of the resulting encrypted file.