Decrypting a File

Oracle Revenue Management and Billing provides you the ability to decrypt an encrypted file during the file upload process. To decrypt a file during the upload process you should have:

  • File Decryption Required option selected in the Master Configuration screen for the file upload interface

  • File Decryption Required option selected in the File Request Type screen using which the file is uploaded in the system

  • The Cipher Type selected in the Master Configuration screen for the file upload interface for which you want to decrypt the file

  • The C1-FTRAN batch executed in the application

The system supports decryption for the following cipher types:

  • AES – Advanced Encryption Standards - Advanced Encryption Standards(AES) is a symmetric-key encryption which uses only one secret key to encrypt and decrypt information. The secret key is captured while defining the master configuration for the file upload interface. The algorithm used to encrypt or decrypt a file using the AES cipher type is AES/CBC/PKCS5Padding.

    To decrypt a file using the Advanced Encryption Standards cipher type, you need to do the following:

    • Save the master configuration by selecting the Cipher Type as Advanced Encryption Standards.

    • Ensure that the secret key set to decrypt the file is not more than 16 bytes.

      Tip: You can save the configuration with a 16 byte key like 1234567812345678123456.

    • Execute the C1-FTRAN batch.

  • DES – Data Encryption Standard - Data Encryption Standard (DES) is a symmetric-key encryption which uses only one secret key to encrypt and decrypt information. Therefore, both the sender and the receiver must know and use the same secret key. The secret key is captured while defining the master configuration for the file upload interface. The algorithm used to encrypt or decrypt a file using the DES cipher type is DES/CBC/PKCS5Padding.

    To decrypt a file using the Data Encryption Standard cipher type, you need to:

    • Save the master configuration by selecting the Cipher Type as Data Encryption Standard.

    • Ensure that the secret key set to decrypt the file is not more than 8 bytes.

      Tip: You can save the configuration with a 16 byte key like 12345678123.

    • Execute the C1-FTRAN batch.

  • PGP- Pretty Good Privacy - Pretty Good Privacy (PGP) is a hybrid cryptosystem that combines symmetric-key encryption with public-key (asymmetric) encryption.

    To decrypt a file using the Pretty Good Privacy cipher type, you need to:

    • Generate the private and public keys using the Kleopatra tool and save the keys with .asc extension.

    • Create a folder named PGP_​KEYS inside the SHARED_​DIR and save the private and public keys in the PGP_​KEYS folder.

    • Add the values of the file path in the C1-FLUPLD feature configuration.

    • In the Master Configuration screen, select the Cipher Type as Pretty Good Privacy, upload the generated private key file path in the Upload Private Key field, and enter the key in the Pass Phrase field which is generated using the Kleopatra tool.

    • Save the master configuration.

    • Encrypt the target file using the Kleopatra tool.

    • Place the encrypted file in the SHARED DIR.

    • Execute the C1-FTRAN batch.

  • RSA with AES - RSA and AES are combined to build secure systems for protecting data and communications. In this hybrid approach, AES handles the actual data encryption due to its speed and efficiency, while RSA encrypts the AES key for secure key exchange. As a result, even if encrypted data is intercepted, it remains inaccessible without the RSA-encrypted AES key. This layered approach ensures that even if an attacker captures the AES-encrypted data, they won't be able to decrypt it without access to the AES key, which is protected by RSA encryption. RSA encryption and decryption use the OAEPWithSHA-256AndMGF1Padding algorithm.

    RSA-AES decryption can be performed in three different scenarios:

    • The RSA-encrypted AES key is stored in the keystore folder, while the AES-encrypted data file is located in the SHARED_​DIR folder.

    • Both the RSA-encrypted AES key file and the AES-encrypted data file are stored in the SHARED_​DIR folder.

    • A single file in the SHARED_​DIR folder contains both the RSA-encrypted AES key and the AES-encrypted data.

    To decrypt a file using the RSA with AES cipher type, you need to do the following:

    • Place the data file in the project folder.

    • Generate RSA key pair by running the genkey "XXX" command. This will generate the following two files:

      • XXX.key - RSA private key

      • XXX.pub - RSA public key

    • Encrypt the data file by using the enc xxx.pub filename.csv command (for example: enc fileBase.pub BILL_​RT_​TYPE_​8004.csv). This will generate the following files:

      • filename.csv.enc - This file contains both the encrypted AES key and AES-encrypted data

      • AES_​KEY.key - This file contains the RSA-encrypted AES key.

      • ENCRYPTED_​DATA.csv - This file contains the AES-encrypted version of the original file.

    • Select the Cipher Type as RSA with AES in the master configuration, enter the RSA private key in the Private Key field, and save the master configuration.

    • Restart the thread pool to apply changes.

    • Execute the C1-FTRAN batch.

      Note: To test the decryption manually, run the dec xxx.key filename.csv.enc command using Java class and verify the decrypted data within the application.

Related Topics

For more information on... See...
How to set the file upload interface master configuration Setting the File Upload Interface Master Configuration
How to define a file request type Defining a File Request Type
How to set theC1-FLUPLD feature configuration Setting the C1-FLUPLD Feature Configuration