Encrypting and Signing Files

Some files created by data-export-related batch processes may need to be encrypted and/or digitally signed for security purposes. Similarly, batch upload processes may need to verify the signature and/or decrypt the content of the file being imported.

New batch parameters control whether encryption or digital signing applies to files extracted or uploaded by the process. Both encryption and signing use Pretty Good Privacy (PGP) standards.

Processes that include a file name parameter, such as those using the plug-in driven extract template, support a file name extension of '.pgp'. Files ending with this extension are encrypted and/or signed using the encryption key parameters described in the next section.

Processes that have an internally constructed format for the file name, such as those using the generalized initial export template, perform encryption and/or signing according to whether the encryption parameters are supplied. An extension of '.pgp' is added to the constructed file name.

Extract Process Encryption Parameters

| Parameter Name | Description | Additional Comments |
| --- | --- | --- |
| encryptExternalKey | Use this key ring parameter to configure the external key provided by the recipient of the file. | If populated, the batch output file will be encrypted using a runtime generated key. The generated key will be encrypted using the active public key stored on the key ring. The recipient will use their private key to decrypt the generated key so the file may be decrypted. Only external public key rings may be used. |
| encryptSignatureKey | Use this key ring parameter to configure the internal key used to sign the file. | If populated, the batch output file will be signed using the active private key stored on the key ring. The assumption is that the corresponding public key has been shared with the recipient. Only internal file encrypting / signing key rings may be used. |
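
An operator can confirm that encryptExternalKey took effect by checking that the extracted '.pgp' file begins with a public-key-encrypted session key (the "generated key" above) followed by encrypted data. The check below is an added example, not part of the product or its documentation; it assumes a binary (not ASCII-armored) OpenPGP file as framed in RFC 4880, and the function names and sample bytes are constructed for illustration.

```python
import struct

PKESK, SED, SEIPD = 1, 9, 18   # RFC 4880 packet tags used by the check

def top_level_tags(data: bytes) -> list:
    """Walk the packet framing of a binary OpenPGP file; return top-level tags."""
    tags, pos = [], 0
    try:
        while pos < len(data):
            first = data[pos]
            pos += 1
            if not first & 0x80:
                raise ValueError("not a binary OpenPGP packet stream")
            if first & 0x40:                      # new-format header
                tags.append(first & 0x3F)
                partial = True
                while partial:                    # partial lengths chain chunks
                    o = data[pos]
                    partial = 224 <= o < 255
                    if o < 192:                   # one-octet length
                        size, pos = o, pos + 1
                    elif o < 224:                 # two-octet length
                        size, pos = ((o - 192) << 8) + data[pos + 1] + 192, pos + 2
                    elif o == 255:                # five-octet length
                        size, pos = struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5
                    else:                         # partial body length chunk
                        size, pos = 1 << (o & 0x1F), pos + 1
                    pos += size
            else:                                 # old-format header
                tags.append((first >> 2) & 0x0F)
                ltype = first & 0x03
                if ltype == 3:                    # indeterminate: body runs to EOF
                    return tags
                width = (1, 2, 4)[ltype]
                pos += width + int.from_bytes(data[pos:pos + width], "big")
            if pos > len(data):
                raise ValueError("truncated packet")
    except (IndexError, struct.error):
        raise ValueError("truncated packet header") from None
    return tags

def is_encrypted(data: bytes) -> bool:
    """True if a public-key-encrypted session key precedes encrypted data."""
    tags = top_level_tags(data)
    return PKESK in tags and any(
        t in (SED, SEIPD) for t in tags[tags.index(PKESK):])

# Constructed samples: framing only, bodies are zero bytes, not real PGP output.
ENCRYPTED = bytes([0x84, 3]) + bytes(3) + bytes([0xD2, 0xE9]) + bytes(512) + bytes([1, 0])
SIGNED_ONLY = bytes([0xC4, 13]) + bytes(13) + bytes([0xCB, 6]) + bytes(6) + bytes([0xC2, 4]) + bytes(4)
```

A file that is signed but not encrypted returns False from is_encrypted: signing alone leaves the content readable.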

Upload Process Encryption Parameters

| Parameter Name | Description | Additional Comments |
| --- | --- | --- |
| decryptInternalKey | Use this key ring parameter to configure the internal key to be used to decrypt the file to be uploaded. | If populated, the generated key received with the input file will be decrypted using the active private key stored on the key ring. The data is then decrypted using the generated key. Only internal file encrypting / signing key rings may be used. |
| decryptSignatureKey | Use this key ring parameter to configure the public signature key provided by the sender of the file. | If populated, the input file signature will be verified using the active public key stored on the key ring. Only external key rings may be used. |

You may use the Batch Control Query portal to find all batch controls supporting these options.

Refer to File Encryption and Signing Keys for more information on maintaining internal and external encryption keys.