Generate Pub Priv Keys For File Encryption

 

This chapter contains the following:

Set up Encryption for File Transfer

You use encryption keys to encrypt files for secure transfer between Oracle HCM Cloud and your own servers through the Oracle WebCenter Content server. This PGP-based encryption support is available for secure file transfer using HCM Data Loader and HCM Extracts.

Using a private key to attach a tag to a file that guarantees that the file was provided by the holder of the private key is called signing, and the tag is called a signature. There is one popular cryptosystem (textbook RSA) where a simplified (insecure) algorithm uses has public and private keys of the same type, and decryption is identical to signature and encryption is identical to verification. You use encryption keys to encrypt files for secure transfer between Oracle HCM Cloud and your own servers through the Oracle WebCenter Content server. This PGP-based encryption support is available for secure file transfer using HCM Data Loader and HCM Extracts. Security 3 - Encryption. Cryptography - History.public key - can be shared (pub) The 2 keys are mathematically linked Many applications, used all the time on the internet Public Key Application: Digital Signatures. Generate a pub/priv pair on a machine Publish the pub key Priv key never leaves the machine Digital signature: use the priv. Have a really good working version of AES and RSA keypairs with Chilkat. However we'd like to implement new keys based on ECC keys. We've got nice and fast working examples of ECC creation and can generate the PEM's for Priv/Public keys. However i can't see any examples of using these for encryption. Mar 27, 2019  Set up SSH public key authentication. Once there, open a file authorizedkeys for editing. Again you may have to create this file, if this is your first key. In this file you should put a line like Key mykey.pub, with mykey.pub replaced by the name of your key file. To generate private (d,n) key using openssl you can use the following command: openssl genrsa -out private.pem 1024 To generate public (e,n) key from the private key using openssl you can use the following command: openssl rsa -in private.pem -out public.pem -pubout. The Red Hat Customer Portal delivers the knowledge, expertise, and guidance available through your Red Hat subscription. Creating GPG Keys Using the Command Line Red Hat Enterprise Linux 6 Red Hat Customer Portal.

The process for inbound files (into Oracle HCM Cloud) is:

  1. You encrypt files using the Oracle HCM Cloud public key.

  2. The>Encryption ModeEncryption KeyDecryption KeySigning KeyVerification Key

    Outbound PGP Signed

    customer-key_pub

    customer-key_priv

    fusion-key_priv

    fusion-key_pub

    Outbound PGP Unsigned

    customer-key_pub

    customer-key_priv

    N/A

    N/A

    Inbound PGP Signed

    fusion-key_pub

    fusion-key_priv

    customer-key_priv

    customer-key_pub

    Inbound PGP Unsigned

    fusion-key_pub

    fusion-key_priv

    N/A

    N/A

Importing Your Public Key

You use your public key (customer-key_pub) for encrypting outbound files. You can decrypt the files using your private key (customer-key_priv). If you also want outbound files to be signed, then use the HCM Cloud private key (fusion-key_priv) for signing. You can verify signed outbound files using the HCM Cloud public key (fusion-key_pub).

To import the customer public key:

  1. Sign in to Oracle HCM Cloud with the IT Security Manager job role or privileges.

  2. Select Navigator > Tools > Security Console to open the Security Console.

  3. Click the Certificates tab to open the Certificates page.

  4. Click Import to open the Import page.

  5. Set Certificate Type to PGP.

  6. In the Alias field, enter customer-key.

    Note: You must enter customer-key in this field. Otherwise, the encryption APIs can't use this key for encrypting outbound files.

  7. Click Browse to identify the location of the customer public key.

  8. Click Import and Close to import the public key into the Oracle HCM Cloud keystore.

Your public key now appears on the Security Console Certificates page.

Generating the PGP Encryption Key Pair

You generate the PGP key pair on the Security Console. You download the public key to encrypt files that are inbound into HCM Cloud (for example, input data files for HCM Data Loader). To sign these inbound files, you can use your private key (customer-key_priv), which is verified using your public key (customer-key_pub) in Oracle HCM Cloud. You must have imported the customer public key.

Pub

To generate the PGP Encryption Key Pair:

  1. Sign in to Oracle HCM Cloud with the IT Security Manager job role or privileges.

  2. Select Navigator > Tools > Security Console to open the Security Console.

  3. Click the Certificates tab to open the Certificates page.

  4. Click Generate to open the Generate dialog box.

  5. In the Generate dialog box, set Certificate Type to PGP.

  6. In the Alias field, enter fusion-key.

    Note: You must enter fusion-key in this field. Otherwise, the encryption APIs can't use this key to decrypt all encrypted inbound files.

  7. In the Passphrase field, enter a passphrase for the private key. This passphrase is needed when you edit, delete, or download the private key.

    Note: If you forget the passphrase, then you may have to raise a service request for help to delete the private key. Once the old key is deleted, you can generate a new key using the process described here.

  8. In the Key Algorithm field, select RSA.

  9. In the Key Length field, select either 1024 or 2048.

  10. Click Save and Close. The fusion-key pair is generated and ready for download. You can see the fusion-key pair on the Certificates page of the Security Console.

  11. In the Status actions for the fusion-key pair on the Certificates page, select Export > Public key. Save the HCM Cloud public key (fusion-key_pub.asc) to your desktop. Use the downloaded key to encrypt files that are inbound to Oracle HCM Cloud.

Generate pub priv keys for file encryption windows 10

Encrypt and Upload Files Automatically

Encrypt files of data with PGP encryption and transfer them automatically between your servers and Oracle WebCenter Content using APIs and web services. For example, you can encrypt and decrypt files that contain sensitive employee data or confidential documents. You write programs to collect the encrypted files from your file server. You then place them on the Oracle WebCenter Content server and call a data loader to decrypt and load the data to Oracle HCM Cloud.

Note: You must set up your encryption keys before you perform these tasks.

Supported Encryption Algorithms

Oracle HCM Cloud supports the following encryption algorithms. You must ensure that you use only supported encryption algorithms.

  • Cipher: AES-128, Blowfish, CAST5, 3DES

    Note: These cipher algorithms aren't supported: Twofish, IDEA, AES-192, and AES-256

  • Compression: bzip2, zlib, .zip, uncompressed

  • Hash: SHA-1, SHA-256, SHA-224, SHA-512, MD5, SHA-384, RIPEMD-160

Encrypting Files

This section provides the commands to encrypt files in Microsoft Windows and Linux environments using the GnuPG encryption tool. For other tools and platforms, work with your suppliers to find the necessary commands for setting the cipher algorithm.

  • Gpg4win, the official GnuPG distribution for Microsoft Windows, provides both a command-line interface and a graphical user interface for encryption, decryption, signing, and verification. For encryption, use the command-line interface. You can find Gpg4win here: https://www.gpg4win.org/about.html.

  • You can download GnuPG for Linux from various sources, depending on the Linux distribution that you're using. Commonly used GnuPG versions can be found here: https://www.gnupg.org/index.html.

After installing the Gpg4win or GnuPG tool, follow these steps to encrypt or encrypt and sign a file:

  1. Import the HCM Cloud public key (downloaded from the Security Console) using this command at the command prompt:

  2. Perform one of these steps.

    • To encrypt a file without signing, use this command:

    • To both encrypt and sign a file, use this command:

      Note: When signing files, ensure that your private key is imported into the keystore that's used for signing.

Generate Pub Priv Keys For File Encryption Windows 10

Loading Encrypted Files

Perform the following steps to load encrypted files to Oracle HCM Cloud from the Oracle WebCenter Content server.

  1. Write programs to send your encrypted files to Oracle WebCenter Content, using the Oracle WebCenter Content Web Services. If your home page is: https://Hostname/homePage/faces/AtkHomePageWelcome, then the Oracle WebCenterContent Server WSDL is: https://Hostname/idcws/GenericSoap?wsdl.

  2. Call the loader program to pass the encryption parameter with other required parameters. The loaderIntegrationService uses the submitEncryptedBatch method, which has an additional parameter named encryptType. This parameter has the following values, which are defined in the ORA_HRC_FILE_ENCRYPT_TYPE lookup type:

    • NONE

    • PGPSIGNED

    • PGPUNSIGNED

Transfer Files Automatically from HCM Extracts with PGP Encryption

Transfer encrypted files to Oracle WebCenter Content using HCM Extracts and your encryption key. HCM Extracts can generate encrypted output and store it on the WebCenter Content server. For example, you can encrypt and decrypt files that contain sensitive employee data or confidential documents. Use HCM Extracts to generate encrypted files and deliver them to the WebCenter Content server. You write your own programs to collect the files.

Note: You must set up your encryption keys before you try to encrypt or decrypt data.

Outbound Integrations

Set up the following information to use HCM Extracts with your outbound integrations:

  1. In the Data Exchange work area, select the Manage Extract Definitions task.

  2. Select the WebCenter Content delivery type on the Deliver page.

  3. Enter an Integration Name. The application uses this name to create the title of the entry in WebCenter Content.

  4. Select an Encryption Mode. The encryption mode is one of the values from the ORA_HRC_FILE_ENCRYPT_TYPE lookup type. It determines how the application encrypts the file before loading it to WebCenter Content. When HCM Extracts transfers the file to WebCenter Content it generates a content ID automatically with the following format: UCMFAnnnnnn.

    The file includes the following properties:

    Field NameValue

    Author

    FUSION_APPS_HCM_ESS_APPID

    Security Group

    FAFusionImportExport

    Account

    hcm/dataloader/export

    Title

    HEXTV1CON_{Integration Name}_{Encryption Type}_{Date Time Stamp}

    For example: HEXTV1CON_ExtractConn1_PGPUNSIGNED_17-11-2014 14-16-44

  5. Configure the HCM Extract delivery option to output an XML (data) file directly to WebCenter Content without formatting it in BI Publisher. Microsoft office 2013 product key generator for windows 8.1. You can achieve this by selecting Data as the output format, omitting a template name, and selecting the WebCenter Content Delivery Type.

  6. Download the encrypted files from WebCenter Content using client command-line tools or a web service call.

Decryption of Outbound Files

Using your private key, you can decrypt encrypted files that are generated from Oracle HCM Cloud. To verify signed files, you use the Oracle HCM Cloud public key. Ensure that these two keys are imported into the keystore. For both Microsoft Windows and Linux, use this command to decrypt both signed and unsigned files:

Related Topics

This chapter contains the following:

Setting up Encryption for File Transfer: Procedure

You use encryption keys to encrypt files for secure transfer between Oracle HCM Cloud and your own servers through the Oracle WebCenter Content server. This PGP-based encryption support is available for secure file transfer using HCM Data Loader, payroll batch loader, and HCM Extracts.

The process for inbound files (into Oracle HCM Cloud) is:

  1. You encrypt files using the Oracle HCM Cloud public key.

  2. The>Encryption ModeEncryption KeyDecryption KeySigning KeyVerification Key

    Outbound PGP Signed

    customer-key_pub

    customer-key_priv

    fusion-key_priv

    fusion-key_pub

    Outbound PGP Unsigned

    customer-key_pub

    customer-key_priv

    N/A

    N/A

    Inbound PGP Signed

    fusion-key_pub

    fusion-key_priv

    customer-key_priv

    customer-key_pub

    Inbound PGP Unsigned

    fusion-key_pub

    fusion-key_priv

    N/A

    N/A

Importing Your Public Key

Your public key (customer-key_pub) is used for encryption of outbound files. You can decrypt the files using your private key (customer-key_priv). If you also want outbound files to be signed, then the HCM Cloud private key (fusion-key_priv) is used for signing. You can verify signed outbound files using the HCM Cloud public key (fusion-key_pub).

To import the customer public key:

  1. Sign in to Oracle HCM Cloud with the IT Security Manager job role or privileges.

  2. Select Navigator > Tools > Security Console to open the Security Console.

  3. Click the Certificates tab to open the Certificates page.

  4. Click Import to open the Import page.

  5. Set Certificate Type to PGP.

  6. In the Alias field, enter customer-key.

    Note: You must enter customer-key in this field. Otherwise, the encryption APIs can't use this key for encrypting outbound files.

  7. Click Browse to identify the location of the customer public key.

  8. Click Import and Close to import the public key into the Oracle HCM Cloud keystore.

Your public key now appears on the Security Console Certificates page.

Generating the PGP Encryption Key Pair

You generate the PGP key pair on the Security Console. You download the public key to encrypt files that are inbound into HCM Cloud (for example, input data files for HCM Data Loader). To sign these inbound files, you can use your private key (customer-key_priv), which is verified using your public key (customer-key_pub) in Oracle HCM Cloud. You must have imported the customer public key.

To generate the PGP Encryption Key Pair:

  1. Sign in to Oracle HCM Cloud with the IT Security Manager job role or privileges.

  2. Select Navigator > Tools > Security Console to open the Security Console.

  3. Click the Certificates tab to open the Certificates page.

  4. Click Generate to open the Generate dialog box.

  5. In the Generate dialog box, set Certificate Type to PGP.

  6. In the Alias field, enter fusion-key.

    Note: You must enter fusion-key in this field. Otherwise, the encryption APIs can't use this key to decrypt all encrypted inbound files.

  7. In the Passphrase field, enter a passphrase for the private key. This passphrase is needed when you edit, delete, or download the private key.

    Note: If you forget the passphrase, then you may have to raise a service request for help to delete the private key. Once the old key is deleted, you can generate a new key using the process described here.

  8. In the Key Algorithm field, select RSA.

  9. In the Key Length field, select either 1024 or 2048.

  10. Click Save and Close. The fusion-key pair is generated and ready for download. You can see the fusion-key pair on the Certificates page of the Security Console.

  11. In the Status actions for the fusion-key pair on the Certificates page, select Export > Public key. Save the HCM Cloud public key (fusion-key_pub.asc) to your desktop. Use the downloaded key to encrypt files that are inbound to Oracle HCM Cloud.

Encrypting and Uploading Files Automatically: Procedure

Encrypt files of data with PGP encryption and transfer them automatically between your servers and Oracle WebCenter Content using APIs and web services. For example, you can encrypt and decrypt files that contain sensitive employee data or confidential documents. You write programs to collect the encrypted files from your file server. You then place them on the Oracle WebCenter Content server and call a data loader to decrypt and load the data to Oracle HCM Cloud.

Note: You must set up your encryption keys before you perform these tasks.

Supported Encryption Algorithms

Oracle HCM Cloud supports the following encryption algorithms. You must ensure that you use only supported encryption algorithms.

  • Cipher: AES-128, Blowfish, CAST5, 3DES

    Note: These cipher algorithms aren't supported: Twofish, IDEA, AES-192, and AES-256

  • Compression: bzip2, zlib, .zip, uncompressed

  • Hash: SHA-1, SHA-256, SHA-224, SHA-512, MD5, SHA-384, RIPEMD-160

Generate Pub Priv Keys For File Encryption Mac

Encrypting Files

This section provides the commands to encrypt files in Microsoft Windows and Linux environments using the GnuPG encryption tool. For other tools and platforms, work with your suppliers to find the necessary commands for setting the cipher algorithm.

  • Gpg4win, the official GnuPG distribution for Microsoft Windows, provides both a command-line interface and a graphical user interface for encryption, decryption, signing, and verification. For encryption, use the command-line interface. You can find Gpg4win here: https://www.gpg4win.org/about.html.

  • You can download GnuPG for Linux from various sources, depending on the Linux distribution that you're using. Commonly used GnuPG versions can be found here: https://www.gnupg.org/index.html.

After installing the Gpg4win or GnuPG tool, follow these steps to encrypt or encrypt and sign a file:

  1. Import the HCM Cloud public key (downloaded from the Security Console) using this command at the command prompt:

  2. Perform one of these steps.

    • To encrypt a file without signing, use this command:

    • To both encrypt and sign a file, use this command:

      Note: When signing files, ensure that your private key is imported into the keystore that's used for signing.

Loading Encrypted Files

Perform the following steps to load encrypted files to Oracle HCM Cloud from the Oracle WebCenter Content server.

  1. Write programs to send your encrypted files to Oracle WebCenter Content, using the Oracle WebCenter Content Web Services. If your home page is: https://Hostname/homePage/faces/AtkHomePageWelcome, then the Oracle WebCenterContent Server WSDL is: https://Hostname/idcws/GenericSoap?wsdl.

  2. Call the loader program to pass the encryption parameter with other required parameters. The loaderIntegrationService uses the submitEncryptedBatch method, which has an additional parameter named encryptType. This parameter has the following values, which are defined in the ORA_HRC_FILE_ENCRYPT_TYPE lookup type:

    • NONE

    • PGPSIGNED

    • PGPUNSIGNED

Transferring Files Automatically from HCM Extracts with PGP Encryption: Procedure

Transfer encrypted files to Oracle WebCenter Content using HCM Extracts and your encryption key. HCM Extracts can generate encrypted output and store it on the WebCenter Content server. For example, you can encrypt and decrypt files that contain sensitive employee data or confidential documents. Use HCM Extracts to generate encrypted files and deliver them to the WebCenter Content server. You write your own programs to collect the files.

Note: You must set up your encryption keys before you try to encrypt or decrypt data.

Generate Pub Priv Keys For File Encryption Windows 10

Outbound Integrations

Generate Pub Priv Keys For File Encryption Software

Set up the following information to use HCM Extracts with your outbound integrations:

  1. In the Data Exchange work area, select the Manage Extract Definitions task.

  2. Select the WebCenter Content delivery type on the Deliver page.

  3. Enter an Integration Name. The application uses this name to create the title of the entry in WebCenter Content.

  4. Select an Encryption Mode. The encryption mode is one of the values from the ORA_HRC_FILE_ENCRYPT_TYPE lookup type. It determines how the application encrypts the file before loading it to WebCenter Content. When HCM Extracts transfers the file to WebCenter Content it generates a content ID automatically with the following format: UCMFAnnnnnn.

    The file includes the following properties:

    Field NameValue

    Author

    FUSION_APPS_HCM_ESS_APPID

    Security Group

    FAFusionImportExport

    Account

    hcm/dataloader/export

    Title

    HEXTV1CON_{Integration Name}_{Encryption Type}_{Date Time Stamp}

    For example: HEXTV1CON_ExtractConn1_PGPUNSIGNED_17-11-2014 14-16-44

  5. Configure the HCM Extract delivery option to output an XML (data) file directly to WebCenter Content without formatting it in BI Publisher. You can achieve this by selecting Data as the output format, omitting a template name, and selecting the WebCenter Content Delivery Type.

  6. Download the encrypted files from WebCenter Content using client command-line tools or a web service call.

Decryption of Outbound Files

Generate Pub Priv Keys For File Encryption Free

Using your private key, you can decrypt encrypted files that are generated from Oracle HCM Cloud. To verify signed files, you use the Oracle HCM Cloud public key. Ensure that these two keys are imported into the keystore. For both Microsoft Windows and Linux, use this command to decrypt both signed and unsigned files:

Generate Pub Priv Keys For File Encryption Tool

Related Topics