Encrypt Extracts

BI Cloud Connector supports signed and unsigned encryption using Pretty Good Privacy (PGP) for files uploaded to Universal Content Management (UCM). Optionally, you can enable signed extract files and download a generated signing key.

Before you start

Before you set up encryption, generate a key pair using PGP and export the public key from the key pair to a location from which it can be imported. Encryption is performed using an imported public key. You can use the private key from the key pair to decrypt your extracts.

To set up encryption for a data store:

Here's what to do

1. Click the Configure External Storage button in the panel tab and select the Configure External Storage link to open the Configure External Storage dialog box.
2. Select the UCM Connection Configuration tab.
3. In the Data Encryption section, select Data Encryption.
4. Click Choose File to import the certificate from the key pair you generated. In the File Upload dialog box, navigate to your key file, select it, and click Open. Click Update... to update a key. Imported certificates are stored in the GnuPG keyring on the server host.
5. Optionally, select Sign Extract File to generate a signing key for your extracts.
6. If you choose to sign the extract files, click the Download Signing Key button to save the signing key.
   1. In the Opening biccc.gpg dialog box, select Save File and click Browse to select a location to save the signing key.
   2. Click Save.
7. In the Key list, select the Key Id, then click Actions > Set as default to set a default key.
8. To delete a key, select Actions > Delete.

Results:

Encrypted extracts uploaded to UCM are stored with a suffix of .gpg.

What to do next