Most companies exchange PII (personally identifiable information) and other sensitive data (routing numbers, credit card numbers, employee records, etc.), so to exchange files securely we have to do 2 things:
Use gpg (or pgp) to encrypt the file.
Use sftp to send the file to the target system.
We will discuss how to encrypt a file using the gpg software.
Create an encrypted file:
Source system: generates the file, e.g. CTX
Target system: receives the file, e.g. the bank
a. The first step is to create a key pair
Go to your application server and run the below syntax from the command line:
————————————————
gpg --gen-key
————————————————
Note: check with your admin that the gpg software is installed in your environment; otherwise it needs to be installed before going through the following steps.
A series of prompts directs you through the process. Press the Enter key to accept the default value where desired.
——————————————————————————————————
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection?
——————————————————————————————————
Choose the key size; the default is 2048. Do not go below 2048 bits for a key that will protect production data.
——————————————————————————————————
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
——————————————————————————————————
Specify the key expiration period. For testing let's go with no expiry; a production key should get an expiry (for example 1y or 2y), which can be extended later without replacing the key.
——————————————————————————————————
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
——————————————————————————————————
Specify the user ID, email address and a comment for the key.
——————————————————————————————————
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
——————————————————————————————————
You should give the key a passphrase. It protects the secret key file on disk: whoever copies the keyring without the passphrase cannot use the key.
——————————————————————————————————
You need a Passphrase to protect your secret key.
——————————————————————————————————
The key has been created.
b. We are done with key generation. Once the key is generated, use the list-keys command to list the key details.
——————————————————————————————————
gpg --list-keys
——————————————————————————————————
e.g. it would look like below. This listing shows a 1024-bit DSA signing key (1024D) with a 2048-bit Elgamal encryption subkey (2048g), i.e. option 1 from the menu above. 1024-bit DSA is below today's recommendations, so on a current GnuPG prefer the RSA default with at least 2048 bits.
pub 1024D/7FFAD482 2015-10-02
uid article (test key for the article) <article@abc.com>
sub 2048g/80859349 2015-10-02
c. Export the public key.
The public key needs to be exported so that it can be shared with the target system. Only the public key is ever shared; the secret key never leaves the server that generated it.
The key can be exported in 2 formats.
1. binary format
2. ASCII-armored (alphanumeric, commonly used) format, using the --armor option in the below syntax.
——————————————————————————————————
gpg --output article.gpg.export --export article@abc.com
gpg --armor --export article@abc.com > article.gpg.export
——————————————————————————————————
d. Transfer the key to the target system.
After executing the above command the article.gpg.export file will be created. You now have to send the key to the target system. You have 2 options.
1. Using the gpg --send-keys option (together with --keyserver) you can upload the key to a keyserver, from which the target system fetches it.
2. sftp the file from the server to your workstation and send it to the contact person in charge of the target system by email.
The public key does not need to be kept secret, but the other party must confirm it is really yours: read out the fingerprint shown by gpg --fingerprint article@abc.com over a second channel (phone call, signed email) and have them compare it after import. Otherwise a substituted key would let an attacker read every file encrypted to it.
e. Import the gpg key at the target system.
——————————————————————————————————
gpg --import article.gpg.export
——————————————————————————————————
The log should look like below. If you do not see "imported: 1" then the export of the public key was not done properly.
gpg: Total number processed: 1
gpg: imported: 1
f. Encrypt the file using the target system's public key
Let's assume article.txt is the original file that needs to be encrypted. Encryption always uses the public key of the party that will decrypt, so for this step the target system must have run steps a to d and the source system must have imported the target's public key (step e), not the other way around. The below command then produces article.txt.gpg, which only the target's private key can open; --sign additionally signs it with the source's private key so the target can verify who sent it.
——————————————————————————————————
gpg --sign --encrypt --always-trust --no-tty --passphrase "Testing" -u article@abc.com --recipient <target key email> "article.txt"
——————————————————————————————————
gpg -s on its own only signs the file: the output is readable by anyone, so it does not replace --encrypt.
-u names the source's own key, and the passphrase given is the one chosen when that key was generated (e.g. "Testing" above). Putting the passphrase on the command line exposes it in the process list and shell history; for unattended jobs use --passphrase-file (on GnuPG 2.1+ together with --batch --pinentry-mode loopback) pointing at a file readable only by the job's user. --always-trust skips GnuPG's trust check on the recipient key, so use it only after the fingerprint has been verified as in step d.
Send the encrypted file to the target system.
The target system needs to decrypt the file with its own private key and passphrase:
——————————————————————————————————
gpg --decrypt --no-tty --passphrase "<target passphrase>" --output "article.txt" "article.txt.gpg"
——————————————————————————————————
After executing the decrypt command the file will be decrypted and the decrypted file can be processed. gpg also reports whether the signature is good; a bad or missing signature should stop the processing.
g. How the encrypted files are exchanged between the systems:
The steps are explained in the below article.
http://oracleappssuren.blogspot.com/2015/11/ssh-key-for-ebs-environment.html
Other scenario:
Let's take the example of the travel card process:
In the travel card process the source organization sends its public key to the bank; the bank encrypts the transaction file with that key and sends it, and the source organization decrypts it and loads the transactions into Internet Expenses.
In general: the source system generates a key pair, shares the public key with the target system, and the target system encrypts the file with the key it received. The source system then gets the encrypted file from the target and decrypts it with its own private key.
The steps followed above stay the same; only the direction of the key exchange changes: the party that decrypts owns the key pair and shares only the public half.
The commands for encrypt and decrypt are going to be
——————————————————————————————————
Target system (has imported the public key of article@abc.com):
gpg --encrypt --recipient article@abc.com article.txt
Source system (holds the private key for article@abc.com):
gpg --decrypt --no-tty --output article.txt article.txt.gpg
——————————————————————————————————
gpg: decryption failed: secret key not available
The above error means the system running the decrypt does not hold the private key matching the key the file was encrypted to. It happens when the roles are swapped: the sender encrypted with its own public key (the only key the receiver has from it) instead of with the receiver's public key. Do not fix this by sharing the private key: whoever holds it can decrypt every file ever sent to that key, and that access cannot be taken back. The correct fixes are:
1. The encrypting party imports the decrypting party's public key and uses it as --recipient, i.e. the key pair lives on the system that decrypts.
2. Keep signing as well, so the receiver can verify the sender, but signing on its own is not encryption and does not protect the data in transit.
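The whole exchange from step f and from the travel card scenario, run end to end as an added example (this is not code from the original post). It builds two throwaway keyrings on one machine, one for the system that produces the file and one for the system that receives it, exports and imports the public keys in the direction encryption needs, checks the fingerprint before trusting the imported key, encrypts and signs, decrypts and verifies, and finally shows the "secret key not available" failure when a keyring that only holds the recipient's public key tries to decrypt. It assumes GnuPG 2.1 or later on the PATH; the identities source@ctx.example and target@bank.example and the payload line are made up for the example.

```shell
#!/bin/sh
# Added example, not part of the original post: key exchange in the correct
# direction, using two throwaway keyrings. Identities and payload are made up.
set -eu

# Nothing to demonstrate without GnuPG (2.1+ assumed for %no-protection and --quick-lsign-key).
command -v gpg >/dev/null 2>&1 || { echo "gpg not installed"; exit 0; }

WORK=$(mktemp -d)
SRC="$WORK/source"   # keyring of the system that produces the file (e.g. CTX)
DST="$WORK/target"   # keyring of the system that receives it (e.g. the bank)
mkdir -p "$SRC" "$DST"
chmod 700 "$SRC" "$DST"
cleanup() {
    GNUPGHOME="$SRC" gpgconf --kill all 2>/dev/null || true
    GNUPGHOME="$DST" gpgconf --kill all 2>/dev/null || true
    rm -rf "$WORK"
}
trap cleanup EXIT

SRC_UID="source@ctx.example"   # hypothetical sender identity
DST_UID="target@bank.example"  # hypothetical receiver identity

# make_key HOME NAME EMAIL: unattended key generation (step a). %no-protection
# means no passphrase, acceptable only for a throwaway test key like this one.
make_key() {
    GNUPGHOME="$1" gpg --batch --quiet --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: $2
Name-Email: $3
Expire-Date: 0
%commit
EOF
}

# fingerprint HOME UID: primary key fingerprint in machine-readable form.
fingerprint() {
    GNUPGHOME="$1" gpg --batch --with-colons --fingerprint "$2" \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

make_key "$SRC" "Source System" "$SRC_UID"
make_key "$DST" "Target System" "$DST_UID"

# Steps c-e in the direction encryption needs: the TARGET exports its public key
# and the SOURCE imports it. The source's public key goes the other way so the
# target can verify the signature; no private key is ever copied.
GNUPGHOME="$DST" gpg --batch --armor --export "$DST_UID" > "$WORK/target.pub.asc"
GNUPGHOME="$SRC" gpg --batch --armor --export "$SRC_UID" > "$WORK/source.pub.asc"
GNUPGHOME="$SRC" gpg --batch --quiet --import "$WORK/target.pub.asc"
GNUPGHOME="$DST" gpg --batch --quiet --import "$WORK/source.pub.asc"

# The fingerprint the target reads out over a second channel must match what the
# source sees after import; only then is the key marked trusted with a local
# signature, instead of bypassing the check with --always-trust.
EXPECTED_FPR=$(fingerprint "$DST" "$DST_UID")
IMPORTED_FPR=$(fingerprint "$SRC" "$DST_UID")
if [ "$EXPECTED_FPR" = "$IMPORTED_FPR" ]; then
    FPR_MATCH=yes
    GNUPGHOME="$SRC" gpg --batch --yes --quiet --quick-lsign-key "$IMPORTED_FPR"
else
    FPR_MATCH=no
fi

# Step f: the source encrypts TO the target's public key and signs WITH its own private key.
printf 'routing=123456789,account=0001\n' > "$WORK/article.txt"   # constructed payload
GNUPGHOME="$SRC" gpg --batch --yes --quiet --output "$WORK/article.txt.gpg" \
    --local-user "$SRC_UID" --recipient "$DST_UID" --sign --encrypt "$WORK/article.txt"

# The target decrypts with its private key; the status lines say whether the signature is good.
STATUS=$(GNUPGHOME="$DST" gpg --batch --yes --status-fd 1 \
    --output "$WORK/article.decrypted.txt" --decrypt "$WORK/article.txt.gpg")
case "$STATUS" in *"[GNUPG:] GOODSIG"*) SIG_OK=yes ;; *) SIG_OK=no ;; esac
DECRYPTED=$(cat "$WORK/article.decrypted.txt")

# The failure mode from the post: a keyring holding only the recipient's PUBLIC key
# cannot decrypt ("secret key not available"). The fix is to encrypt to the right key.
if GNUPGHOME="$SRC" gpg --batch --decrypt "$WORK/article.txt.gpg" >/dev/null 2>&1; then
    SOURCE_CAN_DECRYPT=yes
else
    SOURCE_CAN_DECRYPT=no
fi

echo "fingerprint match: $FPR_MATCH, signature valid: $SIG_OK, source can decrypt: $SOURCE_CAN_DECRYPT"
```

In a real deployment each keyring lives on its own server and the public key files travel by sftp or email as in step d; the fingerprint comparison is the only part that must happen over a channel the sender controls. For a production key replace %no-protection with a passphrase and feed it through --passphrase-file rather than the command line.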
Thanks for reading my blog. Have a wonderful day!!!