GPG keys management
About GPG encryption
GPG encryption allows you to protect your data using a system of public-private key pairs that follow the specification.
Once implemented, you can have incoming data decrypted and outgoing data encrypted before transfer occurs, to ensure that they will not be accessed by anyone without a valid matching key pair.
To implement GPG encryption with Campaign, GPG keys must be installed and/or generated on a marketing instance by an Administrator user directly from the Control Panel.
You will then be able to:
- Encrypt sent data: Adobe Campaign sends data out after encrypting it with the installed public key.
- Decrypt incoming data: Adobe Campaign receives data that an outside system has encrypted using a public key downloaded from the Control Panel. Adobe Campaign decrypts the data using a private key that is generated from the Control Panel.
Encrypting data
Control Panel allows you to encrypt data coming out from your Adobe Campaign instance.
To do this, you need to generate a GPG key pair from a PGP encryption tool, then install the public key into Control Panel. You will then be able to encrypt data before sending it from your instance. To do this, follow the steps below.
- Generate a public/private key pair using a PGP encryption tool following the . To do this, install a GPG utility or GnuPG software.
  NOTE: Open source free software to generate keys is available. However, make sure you follow the guidelines of your organization and use the GPG utility recommended by your IT/Security organization.
- Once the utility is installed, run the command below, in Mac Terminal or Windows command.
gpg --full-generate-key
- When prompted, specify the desired parameters for your key. Required parameters are:
  - key type: RSA
  - key length: 3072 - 4096 bits
  - real name and email address: Allows you to track who created the key pair. Enter a name and email address linked to your organization or department.
  - comment: Adding a label to the comment field will help you easily identify the key to use to encrypt your data.
    IMPORTANT: Make sure that this field is not left empty and that a comment is filled in.
  - expiration: Date or "0" for no expiration date.
  - passphrase
- Once confirmed, the script will generate a key with its associated fingerprint, which you can export into a file or paste directly into the Control Panel. To export the file, run this command followed by the fingerprint of the key that you generated.
gpg -a --export <fingerprint>
- To install the public key into Control Panel, open the Instance settings card, then select the GPG keys tab and the desired instance.
- Click the Install Key button.
- Paste the public key that has been generated from your PGP encryption tool. You can also directly drag and drop the public key file that you exported.
  NOTE: The public key should be in the OpenPGP format.
- Click the Install Key button.
Once the public key is installed, it displays in the list. You can use the ... button to download it or copy its fingerprint.
The key is then available for use in Adobe Campaign workflows. You can use it to encrypt data when using data extraction activities.
For more on this topic, refer to Adobe Campaign documentation:
Campaign v7/v8:
Campaign Standard:
Decrypting data
Control Panel allows you to decrypt external data coming into your Adobe Campaign instances.
To do this, you need to generate a GPG key pair directly from the Control Panel.
- The public key will be shared with the external system, which will use it to encrypt the data to send to Campaign.
- The private key will be used by Campaign to decrypt the incoming encrypted data.
To generate a key pair in Control Panel, follow these steps:
- Open the Instance settings card, then select the GPG keys tab and the desired Adobe Campaign instance.
- Click the Generate Key button.
- Specify the name of the key, then click Generate Key. This name will help you identify the key to use for decryption in Campaign workflows.
Once the key pair is generated, the public key displays in the list. Note that decryption key pairs are generated with no expiration date.
You can use the ... button to download the public key or copy its fingerprint.
The public key is then available to be shared with any external system. Adobe Campaign will be able to use the private key in data loading activities to decrypt data that has been encrypted with the public key.
For more on this, refer to Adobe Campaign documentation:
Campaign v7 and v8:
Campaign Standard:
Monitoring GPG keys
To access GPG keys installed and generated for your instances, open the Instance settings card, then select the GPG keys tab.
The list displays all encryption and decryption GPG keys that have been installed and generated for your instances with detailed information on each key:
- Name: The name that has been defined when installing or generating the key.
- Use case: This column specifies the key's use case:
  - The key has been installed for data encryption.
  - The key has been generated to allow data decryption.
- Fingerprint: The fingerprint of the key.
- Expires: The key's expiration date. Note that Control Panel will provide visual indications as the key approaches its expiry date:
  - Urgent (red) is shown 30 days before.
  - Warning (yellow) is shown 60 days before.
  - An "Expired" red banner will display once a key expires.
  NOTE: No email notification will be sent by Control Panel.
As a best practice, we recommend that you remove any key that you do not need anymore. To do this, click the ... button then select Delete Key.
Tutorial video
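Because Control Panel sends no email notification, a local check of each encryption key can catch an approaching expiry and confirm the key parameters listed in the generation steps before the public key is installed. The script below is an added example, not Adobe's code: the function names `check_gpg_key` and `sample_listing` and the sample key listing are constructed, and it assumes GnuPG 2.x colon-format output with the expiry given in epoch seconds.

```shell
#!/bin/sh
# Added example: function names and the sample listing are constructed.
# Assumes GnuPG 2.x colon output, where the pub record carries key length
# (field 3), algorithm (field 4, 1 = RSA) and expiry in epoch seconds (field 7).

# Usage: gpg --list-keys --with-colons <fingerprint> | check_gpg_key "$(date +%s)"
# Prints one FAIL line per unmet requirement, then the expiry state.
# Returns 1 if a requirement is unmet or the key has expired, else 0.
check_gpg_key() {
  awk -F: -v now="$1" '
    $1 == "pub" && !have_pub { have_pub = 1; bits = $3 + 0; algo = $4; expires = $7 }
    $1 == "uid" && uid == "" { uid = $10 }   # first user ID: Name (comment) <email>
    END {
      bad = 0
      if (algo != 1) { print "FAIL key type is not RSA"; bad = 1 }
      if (bits < 3072 || bits > 4096) {
        print "FAIL key length " bits " is outside 3072-4096"; bad = 1
      }
      if (uid !~ /\([^)]+\)/) { print "FAIL comment field is empty"; bad = 1 }
      if (expires == "") state = "none"         # key never expires
      else {
        days = (expires - now) / 86400
        if (days <= 0)       { state = "expired"; bad = 1 }
        else if (days <= 30) state = "urgent"   # red indicator in Control Panel
        else if (days <= 60) state = "warning"  # yellow indicator
        else                 state = "ok"
      }
      print "EXPIRY " state
      exit bad
    }'
}

# Constructed listing: RSA 4096 key with a comment, expiring 90 days after creation.
sample_listing() {
  cat <<'EOF'
pub:-:4096:1:89ABCDEF01234567:1700000000:1707776000::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1700000000::0000000000000000000000000000000000000000::Data Ops (campaign-export) <dataops@example.com>::::::::::0:
EOF
}

# Fixed "now" 50 days before expiry, so the demo output is stable.
sample_listing | check_gpg_key 1703456000   # prints: EXPIRY warning
```

Run from a scheduled job, a non-zero exit status or an `urgent` state can feed whatever alerting your organization already uses.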
The video below shows how to generate and install GPG keys for data encryption.
Additional how-to videos related to GPG keys management are available in Campaign v7/v8 and Campaign Standard tutorials pages.