There are several credentials available for a host that can be uploaded using the Credentials tab:
• New Private Key
• New SSH Private Key
• Generating New PGP Key Pairs
• Assigning a Shadow Key for the Host
• Exporting PGP Keys
New Private Key
To upload a private key for the host, perform these steps:
To learn how to work with keys, you can use the samples provided with this program in the directory BC_HOME/samples/keys. The password for these sample keys is Password1.
Credentials Tab for Participants
2. Click New Private Key.
3. Type the name of the key in the Alias field.
4. In the Current Credential line click change.
Browse and navigate to the file containing the private key and click OK.
5. Click set next to Password.
Type the password (required for private keys) in the Enter Password and Enter Password Again fields.
If you are using any of the sample keys provided in the directory BC_HOME\samples\keys, the password is "Password1".
6. Click OK and Save.
The new private key for the host is now listed in the Credential Name list.
New SSH Private Key
SSH keys are used to support the SSHFTP transport in BusinessConnect.
To upload an SSH private key, perform these steps:
1. Expand BusinessConnect > Participants > host > Credentials tab.
2. Click New SSH Private Key.
Type the name of the key in the Alias field.
3. In the Current Credential line click change.
Browse and navigate to the file containing the SSH private key and click OK.
4. Click set next to Password.
Type the password (required for private keys) in the Enter Password and Enter Password Again fields.
5. Click OK and Save.
The new SSH key for the host is now listed in the Credential Name list.
Generating New PGP Key Pairs
The new PGP keys are automatically imported into the TIBCO BusinessConnect configuration store and associated with the host.
1. Expand BusinessConnect > Participants > host > Credentials tab.
2. Click New PGP Private Key.
3. Select the mode by which the new key will be generated and click OK:
• Generating a New Key Pair
• Uploading from a File
• Importing from ASCII Armor
Generating a New Key Pair
This option generates both a private and a public key. When a key pair generated this way is exported, either in the form of binary files or in the ASCII Armor format, both keys are exported at the same time.
Table 5 Generating a New PGP Key Pair
Field Description
Alias Name for the new PGP key pair
Password Password associated with the private key
Expiry Date A date by which the key pair will be valid
Key Size Size of the new key in bytes: 1024 or 2048
Key Type For the new PGP key pairs there are two selections available:
• DSA and ElGamal: Both created keys, private and public, support signing using the DSA algorithm and encryption using the ElGamal algorithm.
• RSA Key Pair: Both created keys, private and public, support signing and encryption using the RSA algorithm.
Real Name A user supplied name to be used in conjunction with the email address in constructing the PGP User ID of the key pair.
Email Address Email address to be associated with the generated key pair.
Uploading from a File
When you export a private key that was uploaded for the host, only the private key can be exported, without the public part.
Importing from ASCII Armor
Users can import a PGP key pair for the host partner in two ways:
• Import a set of files, with one file for each key part. Content of the file for a key part can be in binary or in ASCII armor format.
• Import by pasting the ASCII armor private and public key parts into a screen.
Uploading from a file supports only the private PGP key for the host.
Importing from the ASCII armor allows you to import both the private and public PGP key. In the Import from ASCII Armor window, enter data as explained in Table 7.
The local_policy.jar and US_export_policy.jar files in the TIBCO_HOME\tibcojre64\version_number\lib\security directory must be replaced by the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files before uploading a PGP private key.
Table 6 Uploading a Private PGP Key from a File
Field Description
Alias Name of the uploaded key.
Current Credential Browse to the location where a PGP private key that you want to use is located and upload a PGP private key.
Password Supply a password that corresponds to the key.
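The following is an added example, not part of the TIBCO documentation or product: a pre-import check for text that is about to be pasted into the private or public field of the Import from ASCII Armor window. It assumes RFC 4880 armor (five-dash BEGIN/END lines and a CRC-24 checksum line); the function names and the sample blocks are constructed for illustration and contain no real key material.

```python
import base64
import binascii

EXPECTED_TAG = {"PRIVATE": 5, "PUBLIC": 6}  # OpenPGP packet tags, RFC 4880 sec. 4.3

def crc24(data: bytes) -> int:
    """CRC-24 checksum defined for ASCII armor in RFC 4880 sec. 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(kind: str, body: bytes) -> str:
    """Build an armored block; used only to construct the sample inputs."""
    b64 = base64.b64encode(body).decode()
    crc = base64.b64encode(crc24(body).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN PGP {kind} KEY BLOCK-----", "", b64,
                      "=" + crc, f"-----END PGP {kind} KEY BLOCK-----"])

def check_armor(text: str, field: str) -> str:
    """Return 'ok', or why the text should not be pasted into `field`."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 5 or lines[0] != f"-----BEGIN PGP {field} KEY BLOCK-----" \
            or lines[-1] != f"-----END PGP {field} KEY BLOCK-----":
        return "armor header/footer does not match field"
    if "" not in lines or not lines[-2].startswith("="):
        return "missing blank line or checksum line"
    try:
        data = base64.b64decode("".join(lines[lines.index("") + 1:-2]), validate=True)
        want = int.from_bytes(base64.b64decode(lines[-2][1:], validate=True), "big")
    except binascii.Error:
        return "invalid base64"
    if not data or crc24(data) != want:
        return "checksum mismatch (truncated or altered paste)"
    first = data[0]  # packet header octet: bit 7 always set, bit 6 = new format
    tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
    if not first & 0x80 or tag != EXPECTED_TAG[field]:
        return "packet type does not match armor label"
    return "ok"

# Constructed sample bodies: a valid first packet octet followed by filler bytes.
SECRET = armor("PRIVATE", b"\x95" + bytes(40))
PUBLIC = armor("PUBLIC", b"\x99" + bytes(40))
MISLABELED = armor("PRIVATE", b"\x99" + bytes(40))  # public packet, private label
print(check_armor(SECRET, "PRIVATE"), "|", check_armor(MISLABELED, "PRIVATE"))
```

The check only validates the armor envelope and the first packet type; it does not decrypt the key or verify the password.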
Table 7 Importing a PGP Key Pair from the ASCII Armor
Field Description
ASCII Formatted Text (Private) Paste the text in ASCII armor format, where the private key is base64 encoded and wrapped with a PGP specific header and footer such as: ---BEGIN PGP PRIVATE KEY BLOCK---
Paste the text in ASCII armor format, where the public key is base64 encoded and wrapped with a PGP specific header and footer such as: ---BEGIN PGP PUBLIC KEY BLOCK---
• Click Save.
All PGP keys, generated or uploaded/imported, will be available in the Edit Host Participant window.
Assigning a Shadow Key for the Host
To assign a shadow key, follow these steps:
1. Expand BusinessConnect > Participants > host > Credentials tab.
Shadow PGP keys are currently not supported.
Figure 2 Editing Host Participant: Credentials Tab
2. Click the private key that will expire first, such as hostsKey.
The Edit Private Key dialog is displayed.
3. In the Shadow Settings area, select the Activation date for shadow key using the three menus. This date has to be chosen before the first key is about to expire. From the Shadow Key list, select the key you would like to use as replacement, such as hostsPrivateKey.
4. Click Save.
After the shadow key takes effect, it is still a shadow key. You have to remove or update the original credential and remove or promote the shadow key.