Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »


Overview

See Concur File Transfer Guide.pdf for detailed information

Encryption

Overview

Files must be OpenPGP encrypted so it is necessary to obtain Concur's public key to encrypt files sent to Concur and to generate an acsii armored public key file that is subsequently uploaded to Concur to decrypt files recieved.   Concur supportedsOpenPGP complient software from the following http://www.pgp.com or http://www.gnupg.org.

gpg commands
## creating gpg files
Create a new directory for PGP files (<gpg directory>)
gpg --homedir <gpg directory> --expert --full-generate-key
	follow command line prompts

# creating ascii armored gpg public keys
gpg --homedir <gpg directory> -a --export <username> <file name>.asc

## de-armoring  an ascii armored key (newkey.asc should be in )
gpg --homedir <gpg directory> --dearmor newkey.asc newkey.gpg

## adding new key
gpg --homedir <gpg directory> --import newkey.gpg

## creating ascii armored gpg  keys
gpg --homedir <gpg directory> -a --export <username> <file name>.asc

For this implementation we are using Bouncycastle open PGP libraries which perfer .gpg key files to .kbx key files.
The following converts .gpg files from .kbx files.
gpg --homedir <gpg directory> --export-secret-keys > secret-keys.gpg

gpg --homedir <gpg directory> --export-ownertrust > otrust.lst

gpg --homedir <gpg directory> --export > pubring.gpg

navigate to  <gpg directory>
mv pubring.kbx pubring.kbx~
 
gpg --homedir <gpg directory> --import-options import-local-sigs --import secret-keys.gpg

gpg --homedir <gpg directory> --import-ownertrust otrust.lst


Configuration

The following directories are necessary <environment> is the appropiate KFS envronment prd for production and dev for all others

 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/employee
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/eviValidation
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/list
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/coaFo710
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/coaFo760
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/export
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/import
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/extract
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/extract/exception
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/archive
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/staging/concur/archive/imports 
 
 /srv/uconn_configs/kfs-config/work/<environment>/kfs/reports/concur


Security

Files transfered to and from Concur are encrypted using PGP encryption and need PGP key files.  The files pubring.gpg and secret-keys.gpg are required in the KFS security directory

/srv/uconn_configs/kfs-config/sa_forms/java/<environment>/kfs on each KFS server. The security.properties file in the same directory contains the appropriate credentials for KFS to access the keys.


  • No labels