Setting Up New User Registration Encryption Profiles

This section provides an example of how to set up a New User Registration (NUR) encryption profile, which uses PeopleSoft Encryption Technology (PET).

Before you begin with the rest of the instructions, you need to generate keys for the algorithm keyset and encryption profile.

The key value in the keyset and the Initialization Vector (IV) parameter in the encryption profile are not the same value. The values in the encryption profile should match their corresponding values in the decryption profile. Each value is a hexadecimal (hex) string that begins with 0x and continues with hex digits for a particular length. A hex digit is a single character from 0-9 or a-f (lowercase). Both the IV and the key value have the same length. To determine the length of the key, you need the number of bits of the algorithm.

For example, the algorithm aes_ks256_cbc_encrypt requires a 256-bit (binary digit) key. Divide the key length in bits by 4 to get the number of hex digits: 256 / 4 = 64. This means that you need a 64-character hex string for a 256-bit algorithm. Generate a random hex string of the necessary length and prefix it with 0x; this becomes your key. Create one value for the keyset and a separate value for the IV parameter (in the encryption profile).

Here is an example of an algorithm to generate a hex string of a given length.

/* Generate a random hex key of the specified length */
Arg length
hexstring=''
Do While length > 0
	length = length - 1
	digitpos = random(0,15) + 1
	hexchar = substr('0123456789abcdef',digitpos,1)
	hexstring=hexstring||hexchar
End
Say hexstring
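
The REXX random() built-in used above is a general-purpose pseudo-random generator, so for real key material the digits should come from the operating system's cryptographic random source. The following Python version is an added example, not Oracle's code: it generates and checks values in the 0x format described above; the function names are hypothetical, and reading the bit count from the _ksNNN_ part of the algorithm ID is an assumption.

```python
import re
import secrets

# Format described on this page: "0x" followed by lowercase hex digits.
_HEX_VALUE = re.compile(r"0x[0-9a-f]+")
# Assumption: the key size is the number after "_ks" in the algorithm ID,
# as in aes_ks256_cbc_encrypt.
_KS_BITS = re.compile(r"_ks(\d+)_")


def hex_digits_for(algorithm_id):
    """Return the number of hex digits the algorithm needs (bits / 4)."""
    match = _KS_BITS.search(algorithm_id)
    if not match:
        raise ValueError("no key size in algorithm ID: %r" % algorithm_id)
    bits = int(match.group(1))
    if bits % 8:
        raise ValueError("key size is not a whole number of bytes: %d" % bits)
    return bits // 4


def new_hex_value(algorithm_id):
    """Generate a 0x-prefixed lowercase hex string from the OS CSPRNG."""
    ndigits = hex_digits_for(algorithm_id)
    # token_hex(n) returns 2*n lowercase hex digits for n random bytes.
    return "0x" + secrets.token_hex(ndigits // 2)


def check_pair(algorithm_id, key_value, iv_value):
    """Return a list of problems with a key/IV pair (empty list = OK)."""
    problems = []
    want = hex_digits_for(algorithm_id)
    for name, value in (("key", key_value), ("IV", iv_value)):
        if not _HEX_VALUE.fullmatch(value):
            problems.append("%s: must be 0x followed by lowercase hex digits" % name)
        elif len(value) - 2 != want:
            problems.append("%s: %d hex digits, expected %d" % (name, len(value) - 2, want))
    if key_value == iv_value:
        problems.append("key and IV must be different values")
    return problems


if __name__ == "__main__":
    alg = "aes_ks256_cbc_encrypt"
    key, iv = new_hex_value(alg), new_hex_value(alg)
    # Print only the check result; paste the values straight into PeopleTools.
    print("hex digits:", hex_digits_for(alg), "problems:", check_pair(alg, key, iv))
```
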

To load the library:

  1. From the command prompt, locate the name of the encryption library for PET SSL. For example:

    ls -al|grep -i 'pet'

    You will see all libraries that contain the term pet.

  2. To load this library, go to PeopleTools > Security > Encryption > Load Encryption Libraries.

    • Library ID: PSPETSSL

    • In Library File, enter libpspetssl64.so, for example. This is the PSPETSSL library.

Define the algorithm chains for the following IDs:

  • SCC_NUR_ENCRYPT_23A

  • SCC_NUR_DECRYPT_23A

This example illustrates the fields and controls on the Algorithm Chain page for SCC_NUR_ENCRYPT_23A.

  1. Go to PeopleTools > Security > Encryption > Algorithm Chains.

  2. For SCC_NUR_ENCRYPT_23A, use this information:

    • Algorithm Chain ID: SCC_NUR_ENCRYPT_23A

    • In Algorithm Chain Description, enter New User Reg Encrypt 23a.

    • In Algorithm Chains, enter these IDs in the following sequence:

      • PSUnicodeToAscii

      • aes_ks256_cbc_encrypt

      • base64_encode

      • PSAsciiToUnicode

  3. For SCC_NUR_DECRYPT_23A, use this information:

    • Algorithm Chain ID: SCC_NUR_DECRYPT_23A

    • In Algorithm Chain Description, enter New User Reg Decrypt 23a.

    • In Algorithm Chains, enter these IDs in the following sequence:

      • PSUnicodeToAscii

      • base64_decode

      • aes_ks256_cbc_decrypt

      • PSAsciiToUnicode

To define the keyset for encryption and decryption:

  1. Go to PeopleTools > Security > Encryption > Encryption Algorithm Keyset.

  2. Define the keyset for encryption:

    1. Algorithm ID: aes_ks256_cbc_encrypt

    2. In Keyset ID, enter SCC_NUR_ENCRYPT_23A.

    3. Select Use Entered Value, then in Key Value, enter 0x<random 64 digit hex string>.

      You need to have generated a key value for your test. See Generate a Key.

  3. Define the keyset for decryption:

    1. Algorithm ID: aes_ks256_cbc_decrypt

    2. In Keyset ID, enter SCC_NUR_DECRYPT_23A.

    3. Select Use Entered Value, then in Key Value, enter the same value that was used for encryption.

This example illustrates the fields and controls on the Algorithm Keyset page for SCC_NUR_ENCRYPT_23A.


To define the encryption profile:

  1. Go to PeopleTools > Security > Encryption > Define Encryption Profile.

  2. For SCC_NUR_ENCRYPT_23A:

    • Encryption Profile ID: SCC_NUR_ENCRYPT_23A

    • In Algorithm Chain ID, enter SCC_NUR_ENCRYPT_23A.

    • In Description, enter New User Registration Encrypt.

    • In Parameter Value for IV, enter 0x<random 64 character hex string>.

      To generate the key, see Generate a Key.

    • In Parameter Value for SYMMETRICKEY, use SCC_NUR_ENCRYPT_23A.

  3. For SCC_NUR_DECRYPT_23A:

    • Encryption Profile ID: SCC_NUR_DECRYPT_23A

    • In Algorithm Chain ID, enter SCC_NUR_DECRYPT_23A.

    • In Description, enter New User Registration Decrypt.

    • In Parameter Value for IV, use the same value as the one for encrypt IV parameter (in step 2).

    • In Parameter Value for SYMMETRICKEY, use SCC_NUR_DECRYPT_23A.

This example illustrates the fields and controls on the Encryption Profile page for SCC_NUR_ENCRYPT_23A.


To encrypt a string:

  1. Go to PeopleTools > Security > Encryption > Test Encryption Profile.

  2. Enter any sample text to be encrypted.

  3. In Encryption Profile ID, use SCC_NUR_ENCRYPT_23A.

  4. Click Run Encryption Profile.

    The encrypted text appears.

This example illustrates the fields and controls on the Encryption Demo page for SCC_NUR_ENCRYPT_23A.


To decrypt the string:

  1. Go to PeopleTools > Security > Encryption > Test Encryption Profile.

  2. In Encryption Profile ID, use SCC_NUR_DECRYPT_23A.

  3. Copy and paste the encrypted text that you got when you encrypted a string in (Test) Encrypt a String.

  4. Click Run Encryption Profile.

    Verify that the encrypted text shows the sample text you chose to encrypt.

This example illustrates the fields and controls on the Encryption Demo page for SCC_NUR_DECRYPT_23A.
