Generating PGP Encryption Key Bank Oracle Cloud


Mar 01, 2017

Step 1 - Generate the key pair.

  1. Log into Fusion.

  2. From the Navigator, launch the Security Console.

  3. Select the 'Certificates' tab to view the keys installed on your pod.

  4. Press the 'Generate' button to display the generate certificate form.

  5. Select 'PGP' as the certificate type.

  6. Enter the key details. Enter 'fusion-key' for the alias.

Oracle Fusion Financials Common Module Cloud Service - Version 11.12.1.0.0 to 11.12.1.0.0 Release 1.0. Information in this document applies to any platform.

Goal: This document details how to set up the Public/Private key encryption for an external (to the Oracle Cloud) FTP Server in a Fusion Applications BI Publisher installation.

Select one of the following options: Use the following public key from the PGP Key Pair list. Click the browse button on the right, and select a PGP key pair configured in the Certificate Store. For details on configuring PGP key pairs, see the topic on Certificates and Keys.

Now that it's time to generate the PGP encryption key pair, you'll need to head over to the Security Console. Get started by signing into Oracle HCM Cloud, again making sure you're equipped with the IT Security Manager job role or privileges. Open the Security Console by selecting Navigator > Tools > Security Console.

Here's How You Generate the PGP Encryption Key Pair on the Security Console

  1. Sign in to the Oracle HCM Cloud with the IT Security Manager job role or privileges.

  2. Select Navigator > Tools > Security Console to open the Security Console.

  3. Click the Certificates tab to open the Certificates page.

Overview of Certificates

Certificates establish keys for the encryption and decryption of data that Oracle Cloud applications exchange with other applications. Use the Certificates page in the Security Console functional area to work with certificates in either of two formats, PGP and X.509.

For each format, a certificate consists of a public key and a private key. The Certificates page displays one record for each certificate. Each record reports these values:

  • Type: For a PGP certificate, 'Public Key' is the only type. For an X.509 certificate, the type is either 'Self-Signed Certificate' or 'Trusted Certificate' (one signed by a certificate authority).

  • Private Key: A check mark indicates that the certificate's private key is present. For either certificate format, the private key is present for your own certificates (those you generate in the Security Console). The private key is absent when a certificate belongs to an external source and you import it through the Security Console.

  • Status: For a PGP certificate, the only value is 'Not Applicable.' (A PGP certificate has no status.) For an X.509 certificate, the status is derived from the certificate.

Click the Actions menu to take an appropriate action for a certificate. Actions include:

  • Generate PGP or X.509 certificates.

  • Generate signing requests to transform X.509 certificates from self-signed to trusted.

  • Export or import PGP or X.509 certificates.

  • Delete certificates.

Types of Certificates

For a PGP or X.509 certificate, one operation creates both the public and private keys. From the Certificates page, select the Generate option. In a Generate page, select the certificate format, then enter values appropriate for the format.

For a PGP certificate, these values include:

  • An alias (name) and passphrase to identify the certificate uniquely.

  • The type of generated key: DSA or RSA.

  • Key length: 512, 1024, or 2048.

  • Encryption algorithm option for key generation: AES128, AES256

For an X.509 certificate, these values include:

  • An alias (name) and private key password to identify the certificate uniquely.

  • A common name, which is an element of the 'distinguished name' for the certificate. The common name identifies the entity for which the certificate is being created, in its communications with other web entities. It must match the name of the entity presenting the certificate. The maximum length is 64 characters.

  • Optionally, other identifying values: Organization, Organization Unit, Locality, State/Province, and Country. These are also elements of the distinguished name for the certificate, although the Security Console doesn't perform any validation on these values.

  • An algorithm by which keys are generated, MD5 or SHA1.

  • A key length.

  • A validity period, in days. This period is preset to a value established on the General Administration page. You can enter a new value to override the preset value.

Sign an X.509 Certificate

You can generate a request for a certificate authority (CA) to sign a self-signed X.509 certificate, to make it a trusted certificate. (This process doesn't apply to PGP certificates.)

  1. Select Generate Certificate Signing Request. This option is available in either of two menus:

    • One menu opens in the Certificates page, from the row for a self-signed X.509 certificate.

    • The other menu is the Actions menu in the details page for that certificate.

  2. Provide the private key password for the certificate, then select a file location.

  3. Save the request file. Its default name is [alias]_CSR.csr.

You are expected to follow a process established by your organization to forward the file to a CA. You would import the trusted certificate returned in response.

Import and Export X.509 Certificates

For an X.509 certificate, you import or export a complete certificate in a single operation.

To export:

  1. From the Certificates page, select the menu available in the row for the certificate you want to export. Or open the details page for that certificate and select its Actions menu.

  2. In either menu, select Export, then Certificate.

  3. Select a location for the export file. By default, this file is called [alias].cer.

To import, use either of two procedures. Select the one appropriate for what you want to do:

  • The first procedure replaces a self-signed certificate with a trusted version (one signed by a CA) of the same certificate. (A prerequisite is that you have received a response to a signing request.)

    1. In the Certificates page, locate the row for the self-signed certificate, and open its menu. Or, open the details page for the certificate, and select its Actions menu. In either menu, select Import.

    2. Enter the private key password for the certificate.

    3. Browse for and select the file returned by a CA in response to a signing request, and click the Import button.

    In the Certificates page, the type value for the certificate changes from self-signed to trusted.

  • The second procedure imports a new X.509 certificate. You can import a .cer file, or you can import a keystore that contains one or more certificates.

    1. In the Certificates page, click the Import button. An Import page opens.

    2. Select X.509, then choose whether you're importing a certificate or a keystore.

    3. Enter identifying values, which depend on what you have chosen to import. In either case, enter an alias (which, if you're importing a .cer file, need not match its alias). For a keystore, you must also provide a keystore password and a private key password.

    4. Browse for and select the import file.

    5. Select Import and Close.

Import and Export PGP Certificates

For a PGP certificate, you export the public and private keys for a certificate in separate operations. You can import only public keys. (The assumption is that you will import keys from external sources, who wouldn't provide their private keys to you.)

To export:

  1. From the Certificates page, select the menu available in the row for the certificate you want to export. Or open the details page for that certificate and select its Actions menu.

  2. In either menu, select Export, then Public Key or Private Key.

  3. If you selected Private Key, provide its passphrase. (The public key doesn't require one.)

  4. Select a location for the export file. By default, this file is called [alias]_pub.asc or [alias]_priv.asc.

To import a new PGP public key:

  1. On the Certificates page, select the Import button.

  2. In the Import page, select PGP and specify an alias (which need not match the alias of the file you're importing).

  3. Browse for the public-key file, then select Import and Close.

The Certificates page displays a record for the imported certificate, with the Private Key cell unchecked.

Use a distinct import procedure if you need to replace the public key for a certificate you have already imported, and don't want to change the name of the certificate:

  1. In the Certificates page, locate the row for the certificate whose public key you have imported, and open its menu. Or, open the details page for the certificate, and select its Actions menu. In either menu, select Import.

  2. Browse for the public-key file, then select Import.

Delete Certificates

You can delete both PGP and X.509 certificates:

  1. In the Certificates page, select the menu available in the row for the certificate you want to delete. Or, in the details page for that certificate, select the Actions menu.

  2. In either menu, select Delete.

  3. Respond to a warning message. If the certificate's private key is present, you must enter the passphrase (for a PGP certificate) or private key password (for an X.509 certificate) as you respond to the warning. Either value would have been created as your organization generated the certificate.


Setting up Encryption for File Transfer: Procedure

You use encryption keys to encrypt files for secure transfer between Oracle HCM Cloud and your own servers through the Oracle WebCenter Content server. This PGP-based encryption support is available for secure file transfer using HCM Data Loader, payroll batch loader, and HCM Extracts.

The process for inbound files (into Oracle HCM Cloud) is:


  1. You encrypt files using the Oracle HCM Cloud public key.

  2. The

| Encryption Mode | Encryption Key | Decryption Key | Signing Key | Verification Key |
|---|---|---|---|---|
| Outbound PGP Signed | customer-key_pub | customer-key_priv | fusion-key_priv | fusion-key_pub |
| Outbound PGP Unsigned | customer-key_pub | customer-key_priv | N/A | N/A |
| Inbound PGP Signed | fusion-key_pub | fusion-key_priv | customer-key_priv | customer-key_pub |
| Inbound PGP Unsigned | fusion-key_pub | fusion-key_priv | N/A | N/A |

Importing Your Public Key

Your public key (customer-key_pub) is used for encryption of outbound files. You can decrypt the files using your private key (customer-key_priv). If you also want outbound files to be signed, then the HCM Cloud private key (fusion-key_priv) is used for signing. You can verify signed outbound files using the HCM Cloud public key (fusion-key_pub).

To import the customer public key:

  1. Sign in to Oracle HCM Cloud with the IT Security Manager job role or privileges.

  2. Select Navigator > Tools > Security Console to open the Security Console.

  3. Click the Certificates tab to open the Certificates page.

  4. Click Import to open the Import page.

  5. Set Certificate Type to PGP.

  6. In the Alias field, enter customer-key.

    Note: You must enter customer-key in this field. Otherwise, the encryption APIs can't use this key for encrypting outbound files.

  7. Click Browse to identify the location of the customer public key.

  8. Click Import and Close to import the public key into the Oracle HCM Cloud keystore.

Your public key now appears on the Security Console Certificates page.

Generating the PGP Encryption Key Pair


You generate the PGP key pair on the Security Console. You download the public key to encrypt files that are inbound into HCM Cloud (for example, input data files for HCM Data Loader). To sign these inbound files, you can use your private key (customer-key_priv), which is verified using your public key (customer-key_pub) in Oracle HCM Cloud. You must have imported the customer public key.

To generate the PGP Encryption Key Pair:

  1. Sign in to Oracle HCM Cloud with the IT Security Manager job role or privileges.

  2. Select Navigator > Tools > Security Console to open the Security Console.

  3. Click the Certificates tab to open the Certificates page.

  4. Click Generate to open the Generate dialog box.

  5. In the Generate dialog box, set Certificate Type to PGP.

  6. In the Alias field, enter fusion-key.

    Note: You must enter fusion-key in this field. Otherwise, the encryption APIs can't use this key to decrypt all encrypted inbound files.

  7. In the Passphrase field, enter a passphrase for the private key. This passphrase is needed when you edit, delete, or download the private key.

    Note: If you forget the passphrase, then you may have to raise a service request for help to delete the private key. Once the old key is deleted, you can generate a new key using the process described here.

  8. In the Key Algorithm field, select RSA.

  9. In the Key Length field, select either 1024 or 2048.

  10. Click Save and Close. The fusion-key pair is generated and ready for download. You can see the fusion-key pair on the Certificates page of the Security Console.

  11. In the Status actions for the fusion-key pair on the Certificates page, select Export > Public key. Save the HCM Cloud public key (fusion-key_pub.asc) to your desktop. Use the downloaded key to encrypt files that are inbound to Oracle HCM Cloud.

Encrypting and Uploading Files Automatically: Procedure

Encrypt files of data with PGP encryption and transfer them automatically between your servers and Oracle WebCenter Content using APIs and web services. For example, you can encrypt and decrypt files that contain sensitive employee data or confidential documents. You write programs to collect the encrypted files from your file server. You then place them on the Oracle WebCenter Content server and call a data loader to decrypt and load the data to Oracle HCM Cloud.

Note: You must set up your encryption keys before you perform these tasks.

Supported Encryption Algorithms

Oracle HCM Cloud supports the following encryption algorithms. You must ensure that you use only supported encryption algorithms.

  • Cipher: AES-128, Blowfish, CAST5, 3DES

    Note: These cipher algorithms aren't supported: Twofish, IDEA, AES-192, and AES-256

  • Compression: bzip2, zlib, .zip, uncompressed

  • Hash: SHA-1, SHA-256, SHA-224, SHA-512, MD5, SHA-384, RIPEMD-160

Encrypting Files

This section provides the commands to encrypt files in Microsoft Windows and Linux environments using the GnuPG encryption tool. For other tools and platforms, work with your suppliers to find the necessary commands for setting the cipher algorithm.

  • Gpg4win, the official GnuPG distribution for Microsoft Windows, provides both a command-line interface and a graphical user interface for encryption, decryption, signing, and verification. For encryption, use the command-line interface. You can find Gpg4win here: https://www.gpg4win.org/about.html.

  • You can download GnuPG for Linux from various sources, depending on the Linux distribution that you're using. Commonly used GnuPG versions can be found here: https://www.gnupg.org/index.html.

After installing the Gpg4win or GnuPG tool, follow these steps to encrypt or encrypt and sign a file:

  1. Import the HCM Cloud public key (downloaded from the Security Console) using this command at the command prompt:

  2. Perform one of these steps.

    • To encrypt a file without signing, use this command:

    • To both encrypt and sign a file, use this command:

      Note: When signing files, ensure that your private key is imported into the keystore that's used for signing.

Loading Encrypted Files

Perform the following steps to load encrypted files to Oracle HCM Cloud from the Oracle WebCenter Content server.

  1. Write programs to send your encrypted files to Oracle WebCenter Content, using the Oracle WebCenter Content Web Services. If your home page is: https://Hostname/homePage/faces/AtkHomePageWelcome, then the Oracle WebCenter Content Server WSDL is: https://Hostname/idcws/GenericSoap?wsdl.

  2. Call the loader program to pass the encryption parameter with other required parameters. The loaderIntegrationService uses the submitEncryptedBatch method, which has an additional parameter named encryptType. This parameter has the following values, which are defined in the ORA_HRC_FILE_ENCRYPT_TYPE lookup type:

    • NONE

    • PGPSIGNED

    • PGPUNSIGNED

Transferring Files Automatically from HCM Extracts with PGP Encryption: Procedure

Transfer encrypted files to Oracle WebCenter Content using HCM Extracts and your encryption key. HCM Extracts can generate encrypted output and store it on the WebCenter Content server. For example, you can encrypt and decrypt files that contain sensitive employee data or confidential documents. Use HCM Extracts to generate encrypted files and deliver them to the WebCenter Content server. You write your own programs to collect the files.

Note: You must set up your encryption keys before you try to encrypt or decrypt data.

Outbound Integrations

Set up the following information to use HCM Extracts with your outbound integrations:

  1. In the Data Exchange work area, select the Manage Extract Definitions task.

  2. Select the WebCenter Content delivery type on the Deliver page.

  3. Enter an Integration Name. The application uses this name to create the title of the entry in WebCenter Content.

  4. Select an Encryption Mode. The encryption mode is one of the values from the ORA_HRC_FILE_ENCRYPT_TYPE lookup type. It determines how the application encrypts the file before loading it to WebCenter Content. When HCM Extracts transfers the file to WebCenter Content it generates a content ID automatically with the following format: UCMFAnnnnnn.

    The file includes the following properties:

    | Field Name | Value |
    |---|---|
    | Author | FUSION_APPS_HCM_ESS_APPID |
    | Security Group | FAFusionImportExport |
    | Account | hcm/dataloader/export |
    | Title | HEXTV1CON_{Integration Name}_{Encryption Type}_{Date Time Stamp} |

    For example: HEXTV1CON_ExtractConn1_PGPUNSIGNED_17-11-2014 14-16-44

  5. Configure the HCM Extract delivery option to output an XML (data) file directly to WebCenter Content without formatting it in BI Publisher. You can achieve this by selecting Data as the output format, omitting a template name, and selecting the WebCenter Content Delivery Type.

  6. Download the encrypted files from WebCenter Content using client command-line tools or a web service call.

Decryption of Outbound Files


Using your private key, you can decrypt encrypted files that are generated from Oracle HCM Cloud. To verify signed files, you use the Oracle HCM Cloud public key. Ensure that these two keys are imported into the keystore. For both Microsoft Windows and Linux, use this command to decrypt both signed and unsigned files:
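One way to carry out the encryption steps under Encrypting Files and the decryption step above with GnuPG, as an added example (not Oracle's commands): it refuses ciphers outside the supported list, pins the cipher when encrypting, and confirms from gpg's status output that a PGPSIGNED file was encrypted with AES-128 and carries a good signature. The file names and the locally generated stand-in keys are assumptions; in production fusion-key_pub.asc is exported from the Security Console.

```shell
# Added example, not Oracle's commands. The aliases fusion-key and customer-key
# and the encryptType values come from the page; file names and the throwaway
# demo keys are assumptions.

# gpg's names for the ciphers the page lists as supported (AES means AES-128).
cipher_supported() {
  case "$1" in AES|AES128|BLOWFISH|CAST5|3DES) return 0 ;; *) return 1 ;; esac
}

# hcm_encrypt MODE CIPHER INFILE OUTFILE  (MODE: PGPSIGNED or PGPUNSIGNED)
hcm_encrypt() {
  cipher_supported "$2" || { echo "unsupported cipher: $2" >&2; return 2; }
  case "$1" in
    PGPSIGNED)   hcm_sign="--sign --local-user customer-key" ;;  # customer-key_priv signs
    PGPUNSIGNED) hcm_sign="" ;;
    *) echo "unknown encryptType: $1" >&2; return 2 ;;
  esac
  # --cipher-algo pins the cipher instead of leaving it to key preferences,
  # which could select AES-256. --trust-model always lets batch mode use an
  # imported key; check its fingerprint out of band before relying on it.
  # $hcm_sign is unquoted on purpose so it splits into separate options.
  gpg --batch --yes --trust-model always --cipher-algo "$2" \
      --recipient fusion-key $hcm_sign --output "$4" --encrypt "$3"
}

# hcm_decrypt INFILE OUTFILE: plaintext goes to OUTFILE, status lines to stdout.
hcm_decrypt() {
  gpg --batch --yes --status-fd 1 --output "$2" --decrypt "$1"
}

# Round trip in a throwaway keyring. Returns 0 if the file decrypts to the
# original, was encrypted with AES-128 and carries a good signature; 3 if gpg
# or key generation is unavailable; 1 otherwise.
hcm_demo() {
  command -v gpg >/dev/null 2>&1 || return 3
  GNUPGHOME=$(mktemp -d) || return 3
  export GNUPGHOME
  d=$GNUPGHOME; hcm_rc=0
  for uid in fusion-key customer-key; do   # local stand-ins for both key pairs
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$uid <$uid@example.invalid>" 2>/dev/null || hcm_rc=3
  done
  if [ "$hcm_rc" -eq 0 ]; then
    printf 'constructed sample row\n' > "$d/in.dat"
    # DECRYPTION_INFO <mdc_method> <sym_algo>: OpenPGP cipher id 7 is AES-128.
    hcm_encrypt PGPSIGNED AES "$d/in.dat" "$d/in.dat.gpg" 2>/dev/null &&
      st=$(hcm_decrypt "$d/in.dat.gpg" "$d/out.dat" 2>/dev/null) &&
      cmp -s "$d/in.dat" "$d/out.dat" &&
      printf '%s\n' "$st" | grep -Eq 'DECRYPTION_INFO [0-9]+ 7( |$)' &&
      printf '%s\n' "$st" | grep -q GOODSIG || hcm_rc=1
  fi
  gpgconf --kill gpg-agent 2>/dev/null
  rm -rf "$d"; unset GNUPGHOME
  return "$hcm_rc"
}
```

Source the file and run `hcm_demo` to exercise the round trip; against a real pod, import fusion-key_pub.asc and your own key pair with `gpg --import` before calling `hcm_encrypt`.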
