RSA Signature Keys

RSA signature key pairs are used in the following cases:
  • Certain processes in the system may need to write files to or read files from Oracle Cloud Object Storage. Cloud object storage has its own method for encrypting files, and products using the framework application do not need to define additional configuration for that. However, when communicating with cloud object storage, the application is required to provide a signature key.

    Refer to External File Storage for more information about configuring the system to connect to cloud object storage.

  • Customers may need the ability to authorize a customer service representative (CSR) to view the customer's account information in a customer-facing portal. A signature key is required to support secure communication with the endpoint.

    Refer to User Redirection for more information about configuring the system to enable this type of redirection.

The product provides an RSA Signature Key Pair business object that supports the following functions:

  • Generating a key pair, public and private. The private key is stored in an appropriate "secret store" and the public key is available to copy and share with a third party.

  • Viewing the public key, allowing a user to copy it to register it with cloud object storage.

  • Activating the new key pair (to be done after registering the new public key).

  • Inactivating an expired key.

  • Key rotation. For increased security, a new key pair should be generated periodically.

  • Deactivating all keys for the key ring.
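
The ordering in the list above (register the new public key, then activate the key pair) matters during rotation: a signature made with a key the third party has not yet registered is rejected. The following is an added example, not product code, that models this locally with the openssl CLI. The directory layout, the key names k1 and k2, and the use of a local directory to stand in for the third party are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added illustration, not product code. All names and paths are constructed.
WORK=$(mktemp -d)
mkdir -p "$WORK/secret_store" "$WORK/registered"
printf 'constructed sample request\n' > "$WORK/msg"

# Generate: private key stays in the secret store, public key is exported to share.
generate_key() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/secret_store/$1.pem" 2>/dev/null &&
  chmod 600 "$WORK/secret_store/$1.pem" &&
  openssl pkey -in "$WORK/secret_store/$1.pem" -pubout -out "$WORK/$1.pub.pem"
}

# Register: the third party (a local directory here) stores the shared public key.
register_key() { cp "$WORK/$1.pub.pem" "$WORK/registered/$1.pem"; }

# Activate: new signatures are made with this key from now on.
activate_key() { printf '%s' "$1" > "$WORK/active"; }

# Sign the sample request with the currently active private key.
sign_request() {
  openssl dgst -sha256 -sign "$WORK/secret_store/$(cat "$WORK/active").pem" \
    -out "$WORK/sig" "$WORK/msg"
}

# Third-party check: accept only if some registered public key verifies the signature.
verify_request() {
  for pub in "$WORK"/registered/*.pem; do
    [ -e "$pub" ] || continue
    openssl dgst -sha256 -verify "$pub" -signature "$WORK/sig" "$WORK/msg" \
      >/dev/null 2>&1 && return 0
  done
  return 1
}

# Report whether the current signature is accepted.
check() { if verify_request; then echo "$1: accepted"; else echo "$1: rejected"; fi; }

generate_key k1; register_key k1; activate_key k1; sign_request
check "k1 registered, then activated"
generate_key k2; activate_key k2; sign_request    # wrong order: k2 not registered yet
check "k2 activated before registration"
register_key k2
check "k2 after registration"
```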