Versions Compared

Old Version 8

changes.mady.by.user David Chudnow

Saved on

compared with

New Version 9

changes.mady.by.user David Chudnow

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
titlegpg commands
## creating gpg files
Create a new directory for PGP files (<gpg directory>)
gpg --homedir <gpg directory> --expert --full-generate-key
	follow command line prompts

# creating ascii armored gpg public keys
gpg --homedir <gpg directory> -a --export <username> <file name>.asc

## de-armoring  an ascii armored key (newkey.asc should be in )
gpg --homedir <gpg directory> --dearmor newkey.asc newkey.gpg

## adding new key
gpg --homedir <gpg directory> --import newkey.gpg

## creating ascii armored gpg  keys
gpg --homedir <gpg directory> -a --export <username> <file name>.asc

For this implementation we are using Bouncycastle open PGP libraries which perfer .gpg key files to .kbx key files.
The following converts .gpg files from .kbx files.
gpg --homedir <gpg directory> --export-secret-keys > secret-keys.gpg

gpg --homedir <gpg directory> --export-ownertrust > otrust.lst

gpg --homedir <gpg directory> --export > pubring.gpg

navigate to  <gpg directory>
mv pubring.kbx pubring.kbx~
 
gpg --homedir <gpg directory> --import-options import-local-sigs --import secret-keys.gpg

gpg --homedir <gpg directory> --import-ownertrust otrust.lst


Configuration

The following directories are necessary <environment> is the appropiate KFS envronment prd for production and dev for all others

No Format
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/employee
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/eviValidation
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/list
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/coaFo710
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/coaFo760
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/export
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/import
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/extract
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/extract/exception
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/archive
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/archive/imports 
 
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/reports/concur


Security

Files transfered to and from Concur are encrypted using PGP encryption and need PGP key files.  The files pubring.gpg and secret-keys.gpg are required in the KFS security directory

/srv/uconn_configs/kfs-config/sa_forms/java/<environment>/kfs on each KFS server. The security.properties file in the same directory contains the appropriate credentials for KFS to access the keys.