Return to Navigation

Changing the Credit Card Encryption Key

This topic describes how to change the credit card encryption key.

You can change the credit card encryption key at any time.

Page Name

Definition Name

Usage

Credit Card Number Re-Encrypt Page

FS_CC_CNVRT

Change the key used to encrypt credit card numbers. Run the utility to re-encrypt credit card numbers using a new encryption key.

To change the encryption key at any time after the initial conversion, you must first re-encrypt all credit card data.

To re-encrypt credit card data:

  1. If this is the first re-encryption following the initial conversion and you have not secured the FS_CC_CNVRT component, complete the steps in the “Securing the Credit Card Components” section in this topic.

    See Securing the Credit Card Component.

    Complete the steps for the FS_CC_CNVRT component only. Securing FS_CC_CNVRT secures both the FS_CC_CNVRT component and the FS_CC_CNVRT portal registry.

  2. Navigate to select Set Up CRM, then select Utilities, then select Credit Card Encryption, then select Change Encryption Key.

  3. Click the Generate Random Key button to generate a new random hexadecimal encryption key.

    Clicking this button generates a new, random hexadecimal encryption key. You can modify this key, but you must format it as a 24-byte string in hexadecimal notation. The first two characters must be 0x, and the remainder must be exactly 48 characters and consist of both numeric digits and the lowercase letters a through f.

  4. If the values in the Re-encrypt Action column are not Decrypt, then Encrypt, click the Crypt Action button until Decrypt, then Encrypt appears in the column.

  5. Click the Run button to start the conversion process.

    The Credit Card Conversion process converts each field in the grid. If the process fails for any reason, you can restart the process; it will resume where it stopped. If you can not restart the process, run it from the beginning. The system will bypass fields that have already been processed.

Use the Credit Card Number Re-Encrypt page (FS_CC_CNVRT) to change the key used to encrypt credit card numbers.

Run the utility to re-encrypt credit card numbers using a new encryption key.

Navigation

select Set Up CRM, then select Utilities, then select Credit Card, then select Change Encryption Key

Image: Credit Card Number Re-Encrypt page

This example illustrates the fields and controls on the Credit Card Number Re-Encrypt page.

Credit Card Number Re-Encrypt page

Field or Control

Definition
Crypt Action

Toggle the value in the Re-Encrypt Action column in the grid.
Generate Random Key

Generate a random key in the format needed by the encryption algorithms used for credit card encryption and decryption profiles.
(Encryption key)

If you want to modify the generated key or enter your own, you must format it as a 24-byte hex string. The first two characters must be 0x and the remainder must be exactly 48 characters that consist of both numeric digits and the lowercase letters a through f.

Record (Table) Name

Displays the record name.
Field Name

Displays the field name.
Re-Encrypt Action

Values include:

  • Decrypt, then Encrypt: Re-encrypt data currently encrypted with the Pluggable Cryptography credit card encryption profile.

  • No Action: Indicates that the utility has converted the record. If an error occurs and you rerun the process, records for which No Action is displayed are not reprocessed.