...
See Concur File Transfer Guide.pdf for detailed information
Encryption
...
Security
Files transferred to and from Concur must be encrypted with OpenPGP. See http://www.pgp.com for more information. To download OpenPGP, go to http://www.gnupg.org.
To facilitate encryption, it was necessary to:
- Obtain Concur's public key to
...
- decrypt files they send.
- Generate an ASCII-armored public key file
...
- and upload it to Concur
...
- so they can decrypt files
...
- we send.
```sh
# Generate key pairs
## creating gpg files
# Create a new directory for PGP files (<gpg directory>)
gpg --homedir <gpg directory> --expert --full-generate-key
# follow command line prompts

# Adding Concur's public key to key file
# (without --homedir, these commands act on the default keyring)
gpg --import concursolutions.asc
# List public keys
gpg --list-keys
# List private keys
gpg --list-secret-keys

# creating ascii armored gpg public keys
gpg --homedir <gpg directory> -a --export <username> > <file name>.asc

## de-armoring an ascii armored key (newkey.asc should be in )
gpg --homedir <gpg directory> --output newkey.gpg --dearmor newkey.asc

## adding new key
gpg --homedir <gpg directory> --import newkey.gpg

## creating ascii armored gpg keys
gpg --homedir <gpg directory> -a --export [key user name] > [file name].asc

# For this implementation we are using the Bouncy Castle OpenPGP libraries,
# which prefer .gpg key files to .kbx key files.
# The following converts a .kbx keyring to .gpg files.
gpg --homedir <gpg directory> --export-secret-keys > secret-keys.gpg
gpg --homedir <gpg directory> --export-ownertrust > otrust.lst
gpg --homedir <gpg directory> --export > pubring.gpg
# navigate to <gpg directory>
cd <gpg directory>
mv pubring.kbx pubring.kbx~
gpg --homedir <gpg directory> --import-options import-local-sigs --import secret-keys.gpg
gpg --homedir <gpg directory> --import-ownertrust otrust.lst
```
The KFS security directory /srv/uconn_configs/kfs-config/sa_forms/java/<environment>/kfs on each KFS server contains the files pubring.gpg and secret-keys.gpg.
The security.properties file in the same directory contains the appropriate credentials for KFS to access the keys necessary for encryption and decryption.
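A pre-deployment check for the two key files above, as an added example that is not part of the original page: it reads each file's header bytes to confirm that pubring.gpg and secret-keys.gpg are binary OpenPGP keyrings rather than keybox (.kbx) or ASCII-armored files, and that the secret keyring is not accessible to group or other. The function names and the permission check are assumptions of this example, not KFS requirements.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Print the on-disk format of a key file, judged from its first 12 bytes.
classify_keyfile() {
    [ -r "$1" ] || { echo missing; return; }
    hex=$(od -An -tx1 -N12 "$1" | tr -d ' \t\n')
    case $hex in
        # Keybox header blob: magic "KBXf" at byte offset 8.
        ????????????????4b425866*) echo keybox ;;
        # ASCII armor starts with "-----BEGIN ".
        2d2d2d2d2d424547494e20*)   echo armored ;;
        # OpenPGP packet tag 6 (public key), old or new header format.
        9[89ab]*|c6*)              echo public-keyring ;;
        # OpenPGP packet tag 5 (secret key), old or new header format.
        9[4567]*|c5*)              echo secret-keyring ;;
        *)                         echo unknown ;;
    esac
}

# Return 0 only if DIR holds the two binary keyrings in the expected formats
# and the secret keyring is not accessible to group or other.
check_kfs_keys() {
    dir=$1
    rc=0
    pub=$(classify_keyfile "$dir/pubring.gpg")
    sec=$(classify_keyfile "$dir/secret-keys.gpg")
    if [ "$pub" != public-keyring ]; then
        echo "pubring.gpg: expected binary public keyring, found $pub" >&2
        rc=1
    fi
    if [ "$sec" != secret-keyring ]; then
        echo "secret-keys.gpg: expected binary secret keyring, found $sec" >&2
        rc=1
    fi
    if [ -e "$dir/secret-keys.gpg" ]; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        mode=$(ls -ld "$dir/secret-keys.gpg" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "secret-keys.gpg: group/other permissions set ($mode)" >&2
            rc=1
        fi
    fi
    return $rc
}

# Usage: sh check_keys.sh <security directory>
[ $# -eq 0 ] || check_kfs_keys "$1"
```

A `keybox` result for pubring.gpg means the .kbx to .gpg conversion was skipped or the wrong file was copied.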
Directory Structure
The files are transferred to and from Concur using KFS batch processing. The following directories are necessary. <environment> is the appropriate KFS environment: prd for production and dev for all others.
```
/srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/
/srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/employee
/srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/eviValidation
/srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/list
/srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/coa
/srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/export
/srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/import
/srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/extract
/srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/extract/exception
/srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/archive
/srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/archive/imports
/srv/uconn_configs/kfs-config/work/<environment>/kfs/reports/concur
```