There are several credentials available for a host that can be uploaded using the Credentials tab:
• New Private Key
• New SSH Private Key
• Generating New PGP Key Pairs
• Assigning a Shadow Key for the Host
• Exporting PGP Keys
New Private Key
To upload a private key for the host, perform these steps:
1. Expand BusinessConnect > Participants > host > Credentials tab.
2. Click New Private Key.
To learn how to work with keys, you can use the samples provided with this program in the directory BC_HOME/samples/keys. The password for these sample keys is Password1.
TIBCO BusinessConnect Trading Partner Administration 12
|
Chapter 1 Participants
4. In the Current Credential line, click change.
Browse and navigate to the file containing the private key and click OK.
5. Click set next to Password.
Type the password (required for private keys) in the Enter Password and Enter Password Again fields.
If you are using any of the sample keys provided in the directory BC_HOME\samples\keys, the password is "Password1".
6. Click OK and Save.
The new private key for the host is now listed in the Credential Name list.
New SSH Private Key
SSH keys are used to support the SSHFTP transport in BusinessConnect.
To upload an SSH private key, perform these steps:
1. Expand BusinessConnect > Participants > host > Credentials tab.
2. Click New SSH Private Key.
Type the name of the key in the Alias field.
3. In the Current Credential line click change.
Browse and navigate to the file containing the SSH private key and click OK.
4. Click set next to Password.
Type the password (required for private keys) in the Enter Password and Enter Password Again fields.
5. Click OK and Save.
The new SSH key for the host is now listed in the Credential Name list.
Generating New PGP Key Pairs
TIBCO BusinessConnect can create new PGP key pairs for users and store them in the certificate store. Each key pair contains a private and a public key and can have a key size of 1024 or 2048 bytes. The key types are DSA and ElGamal, or RSA, and both allow encryption and signing. Each key pair also contains the name of the private key owner, as well as an email address of that owner.
The new PGP keys are automatically imported into the TIBCO BusinessConnect configuration store and associated with the host.
1. Expand BusinessConnect > Participants > host > Credentials tab.
Credentials Tab for Participants
|
13
2. Click New PGP Private Key.
3. Select the mode by which the new key will be generated and click OK:
• Generating a New Key Pair
• Uploading from a File
• Importing from ASCII Armor
Generating a New Key Pair
This option generates both a private and a public key. When a key pair generated this way is exported, either in the form of binary files or in the ASCII Armor format, both keys are exported at the same time.
Table 5 Generating a New PGP Key Pair
Field Description
Alias Name for the new PGP key pair
Password Password associated with the private key
Expiry Date A date by which the key pair will be valid
Key Size Size of the new key in bytes: 1024 or 2048
Key Type For the new PGP key pairs there are two selections available:
• DSA and ElGamal: Both created keys, private and public, support signing using the DSA algorithm and encryption using the ElGamal algorithm.
• RSA Key Pair: Both created keys, private and public, support signing and encryption using the RSA algorithm.
Real Name A user supplied name to be used in conjunction with the email address in constructing the PGP User ID of the key pair.
Email Address Email address to be associated with the generated key pair.
Uploading from a File
When you export an uploaded private key for the host, the only option is to export this private key, without the public part.
Importing from ASCII Armor
Users can import a PGP key pair for the host partner in two ways:
• Import a set of files, with one file for each key part. The content of the file for a key part can be in binary or in ASCII armor format.
• Import by pasting the ASCII armor private and public key parts into a screen.
Uploading from a file supports only the private PGP key for the host.
Importing from the ASCII armor allows you to import both the private and public PGP key. In the Import from ASCII Armor window, enter data as explained in Table 7.
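A pre-import check for the text pasted into the Import from ASCII Armor window, as an added example that is not part of the TIBCO documentation: it confirms that the block type matches the field (private or public) and verifies the base64 body against its CRC-24 checksum line. It assumes the RFC 4880 armor layout (five-dash header and footer lines, a blank line after the armor headers, a checksum line present); `check_armor` and `armor` are hypothetical helper names, and the sample block is built from test bytes, not a real key.

```python
import base64
import binascii

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # RFC 4880, section 6.1

def crc24(data: bytes) -> int:
    """CRC-24 over the decoded (binary) key data, as used by ASCII armor."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def check_armor(text: str, kind: str) -> bytes:
    """Return the decoded packets of a PRIVATE or PUBLIC key block, else raise ValueError."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    begin, end = (f"-----{tag} PGP {kind} KEY BLOCK-----" for tag in ("BEGIN", "END"))
    if len(lines) < 2 or lines[0] != begin or lines[-1] != end:
        raise ValueError(f"not a PGP {kind} KEY BLOCK")
    if "" not in lines:
        raise ValueError("missing blank line after armor headers")
    body = lines[lines.index("") + 1:-1]
    if len(body) < 2 or not body[-1].startswith("=") or len(body[-1]) != 5:
        raise ValueError("missing CRC-24 checksum line")
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
        crc = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
    except binascii.Error as exc:
        raise ValueError(f"invalid base64: {exc}") from None
    if crc24(data) != crc:
        raise ValueError("CRC-24 mismatch: block truncated or altered")
    return data

def armor(data: bytes, kind: str) -> str:
    """Build a constructed sample block; the payload is test bytes, not a real key."""
    b64 = base64.b64encode(data).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN PGP {kind} KEY BLOCK-----", "Version: constructed",
                      "", *rows, "=" + crc, f"-----END PGP {kind} KEY BLOCK-----"])

if __name__ == "__main__":
    sample = armor(bytes(range(100)), "PRIVATE")   # constructed input
    print(len(check_armor(sample, "PRIVATE")), "bytes decoded, checksum OK")
    try:
        check_armor(sample, "PUBLIC")               # pasted into the wrong field
    except ValueError as err:
        print("rejected:", err)
```

A checksum mismatch usually means the block lost or gained characters while being copied; it says nothing about whether the key itself is trustworthy.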
Table 6 Uploading a Private PGP Key from a File
Field Description
Alias Name of the uploaded key.
Current Credential Browse to the location where a PGP private key that you want to use is located and upload a PGP private key.
Password Supply a password that corresponds to the key.
Table 7 Importing a PGP Key Pair from the ASCII Armor
Field Description
Alias Name of the imported key pair.
Password Supply a password that corresponds to the private PGP key.
ASCII Formatted Text (Private) Paste the text in ASCII armor format, where the private key is base64 encoded and wrapped with a PGP specific header and footer such as:
---BEGIN PGP PRIVATE KEY BLOCK---
ASCII Formatted Text (Public) Paste the text in ASCII armor format, where the public key is base64 encoded and wrapped with a PGP specific header and footer such as:
---BEGIN PGP PUBLIC KEY BLOCK---
Version: BCPG v1.46
mQENBE2cttgDCACO4PRiKPLFNheitPoyNvnuNTghwjNNmSB7BMprzQ3vMeV1XMUg
aAW7/qH3YxT3UbHdXkyP9oH/A47pFNoMCvsIgae9mqZoKKWoKCWHRpishTtv5rXV
P2O/KhUqjgBCd3HZ1qjnDJEVHwOm37H6Iqyd66tRTsW57Wztxy9hRdftM77aaKJl
...
AwKMfdaQnd1ntV6BXFM6GXdl5HJhjjY/HVJtRb498Rjba9IUVSe1VuhLt4fHSh/0
wgvMs7z6ymy04dr85vmNqtaKOQgWWs8=
=Fd6T
---END PGP PUBLIC KEY BLOCK---
• Click Save.
All PGP keys, generated or uploaded/imported, will be available in the Edit Host Participant window.
Assigning a Shadow Key for the Host
To assign a shadow key, follow these steps:
1. Expand BusinessConnect > Participants > host > Credentials tab.
Figure 2 Editing Host Participant: Credentials Tab
2. Click the private key that will expire first, such as hostsKey.
Shadow PGP keys are currently not supported.
3. In the Shadow Settings area, select the Activation date for shadow key using the three menus. This date has to be chosen before the first key is about to expire. From the Shadow Key list, select the key you would like to use as replacement, such as hostsPrivateKey.
4. Click Save.
After the shadow key takes effect, it is still a shadow key. You have to remove or update the original credential and remove or promote the shadow key.