...

See Concur File Transfer Guide.pdf for detailed information

Encryption

Overview

...


Security

Files transferred to and from Concur must be OpenPGP encrypted. We need to download Concur's public key to encrypt files sent to Concur and decrypt files they send. Conversely, we need to generate an ASCII-armored public key file and upload it to Concur so they can decrypt files we send. Concur supports OpenPGP. Compliant software is available from the following: http://www.pgp.com or http://www.gnupg.org.

The files pubring.gpg and secret-keys.gpg (see below) are required in the KFS security directory /srv/uconn_configs/kfs-config/sa_forms/java/<environment>/kfs on each KFS server. The security.properties file in the same directory contains the appropriate credentials for KFS to access the keys necessary for encryption and decryption.

Code Block
gpg commands
## creating gpg files
## create a new directory for PGP files (<gpg directory>)
gpg --homedir <gpg directory> --expert --full-generate-key
## follow the command line prompts

## creating ascii armored gpg public keys
## (--output names the file to write; without it gpg reads the file name as another key to export)
gpg --homedir <gpg directory> -a --output <file name>.asc --export <username>

## de-armoring an ascii armored key (newkey.asc should be in )
gpg --homedir <gpg directory> --output newkey.gpg --dearmor newkey.asc

## adding new key
gpg --homedir <gpg directory> --import newkey.gpg

## creating ascii armored gpg keys
gpg --homedir <gpg directory> -a --output <file name>.asc --export <username>

## For this implementation we are using the Bouncy Castle OpenPGP libraries, which prefer .gpg key files to .kbx key files.
## The following creates .gpg files from .kbx files.
gpg --homedir <gpg directory> --export-secret-keys > secret-keys.gpg

gpg --homedir <gpg directory> --export-ownertrust > otrust.lst

gpg --homedir <gpg directory> --export > pubring.gpg

## navigate to <gpg directory>
cd <gpg directory>
mv pubring.kbx pubring.kbx~

gpg --homedir <gpg directory> --import-options import-local-sigs --import secret-keys.gpg

gpg --homedir <gpg directory> --import-ownertrust otrust.lst
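
The following script is an added example, not part of the original page or of KFS. It checks that pubring.gpg and secret-keys.gpg are binary OpenPGP keyrings rather than ASCII-armored or keybox (.kbx) files before they are copied to the KFS security directory. The function names and the sample header bytes are constructed for illustration.

```sh
# Hex of COUNT bytes of FILE starting at OFFSET (empty if the file is too short).
hex_at() { od -An -tx1 -j "$2" -N "$3" "$1" 2>/dev/null | tr -d ' \n'; }

# Print the OpenPGP packet tag held in the first byte of FILE (RFC 4880, section 4.2).
first_packet_tag() {
    b=$(hex_at "$1" 0 1)
    [ -n "$b" ] || return 1
    b=$((0x$b))
    [ $((b & 0x80)) -ne 0 ] || return 1    # bit 7 is set in every packet header
    if [ $((b & 0x40)) -ne 0 ]; then
        echo $((b & 0x3f))                 # new-format header: tag in bits 5-0
    else
        echo $(((b >> 2) & 0x0f))          # old-format header: tag in bits 5-2
    fi
}

# Print one of: armored | keybox | public-keyring | secret-keyring | unknown
classify_keyfile() {
    if [ "$(hex_at "$1" 0 14)" = "2d2d2d2d2d424547494e20504750" ]; then
        echo armored                       # starts with "-----BEGIN PGP"
    elif [ "$(hex_at "$1" 8 4)" = "4b425866" ]; then
        echo keybox                        # "KBXf" magic at offset 8 of a .kbx file
    else
        tag=$(first_packet_tag "$1") || tag=none
        case $tag in
            6) echo public-keyring ;;      # Public-Key packet
            5) echo secret-keyring ;;      # Secret-Key packet
            *) echo unknown ;;             # also covers a missing or empty file
        esac
    fi
}

# Return 0 only if DIR holds pubring.gpg and secret-keys.gpg as binary OpenPGP keyrings.
check_key_dir() {
    rc=0
    for pair in pubring.gpg:public-keyring secret-keys.gpg:secret-keyring; do
        file=${pair%%:*}; want=${pair#*:}
        got=$(classify_keyfile "$1/$file")
        echo "$file: $got (expected $want)"
        [ "$got" = "$want" ] || rc=1
    done
    return "$rc"
}

# Demo on constructed header bytes (not real keys): 0x99 = tag 6, 0x95 = tag 5.
demo=$(mktemp -d)
printf '\231\001\215\004' > "$demo/pubring.gpg"
printf '\225\005\206\004' > "$demo/secret-keys.gpg"
check_key_dir "$demo"; rm -rf "$demo"
```

Run `check_key_dir` on the directory that holds the exported files after the export steps; any result other than the expected keyring type means the file is not in the binary form the export commands produce.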

Configuration

Directory Structure

The files are transferred to and from Concur using KFS batch processing. The following directories are necessary; <environment> is the appropriate KFS environment: prd for production and dev for all others.

No Format
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/employee
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/eviValidation
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/list
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/coaFo710
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/coaFo760
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/export
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/import
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/extract
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/extract/exception
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/archive
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/archive/imports 
 
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/reports/concur

Security

Files transferred to and from Concur are encrypted using PGP encryption and need PGP key files. The files pubring.gpg and secret-keys.gpg are required in the KFS security directory

...