蜜豆视频

GPG keys management gpg-keys-management

About GPG encryption about-gpg-encryption

GPG encryption allows you to protect your data using a system of public-private keys pairs that follow the specification.

Once implemented, you can have incoming data decrypted and outgoing data encrypted before transfer occurs, to ensure that they will not be accessed by anyone without a valid matching key pair.

To implement GPG encryption with Campaign, GPG keys must be installed and/or generated on a marketing instance by an Administrator user directly from the Control Panel.

You will then be able to:

  • Encrypt sent data: 蜜豆视频 Campaign sends data out after encrypting it with the installed public key.

  • Decrypt incoming data: 蜜豆视频 Campaign receives data that has been encrypted from an outside system using a public key downloaded from the Control Panel. 蜜豆视频 Campaign decrypts the data using a private key that is generated from the Control Panel.

Encrypting data encrypting-data

Control Panel allows you to encrypt data coming out from your 蜜豆视频 Campaign instance.

To do this, you need to generate a GPG key pair from a PGP encryption tool, then install the public key into Control Panel. You will then be able to encrypt data before sending it from you instance. To do this, follow the steps below.

NOTE
You can install up to 60 GPG keys in Control Panel.

Discover this feature in video

  1. Generate a public/private key pair using a PGP encryption tool following the . To do this, install a GPG utility or GNuGP software.

    note note
    NOTE
    Open source free software to generate keys is available. However, make sure you follow the guidelines of your organization and use the GPG utility recommended by your IT/Security organization.
  2. Once the utility is installed, run the command below, in Mac Terminal or Windows command.

    gpg --full-generate-key

  3. When prompted, specify the desired parameters for your key. Required parameters are:

    • key type: RSA

    • key length: 3072 - 4096 bits

    • real name and email address: Allows to track who created the key pair. Enter a name and email address linked to your organization or department.

    • comment: adding a label to the comment field will help you easily identify the key to use to encrypt your data.

      note important
      IMPORTANT
      Make sure that this field is not left empty and that a comment is filled in.
    • expiration: Date or 鈥0鈥 for no expiration date.

    • passphrase

  4. Once confirmed, the script will generate a key with its associated fingerprint, that you can export into a file, or paste directly into the Control Panel. To export the file, run this command followed by the fingerprint of the key that you generated.

    gpg -a --export <fingerprint>

  5. To install the public key into Control Panel, open the Instance settings card, then select the GPG keys tab and the desired instance.

  6. Click the Install Key button.

  7. Paste the public key that has been generated from your PGP encryption tool. You can also directly drag and drop the public key file that you exported.

    note note
    NOTE
    The public key should be in the OpenPGP format.

  8. Click the Install Key button.

Once the public key is installed, it displays in the list. You can use the button to download it or copy its fingerprint.

The key is then available for use in 蜜豆视频 Campaign workflows. You can use it to encrypt data when using data extraction activities.

Discover this feature in video

For more on this topic, refer to 蜜豆视频 Campaign documentation:

Campaign v7/v8:

Campaign Standard:

Decrypting data decrypting-data

Control Panel allows you to decrypt external data coming into your 蜜豆视频 Campaign instances.

To do this, you need to generate a GPG key pair directly from the Control Panel.

  • The public key will be shared with the external system, which will use it to encrypt the data to send to Campaign.
  • The private key will be used by Campaign to decrypt the incoming encrypted data.

Discover this feature in video

To generate a key pair in Control Panel, follow these steps:

  1. Open the Instance settings card, then select the GPG keys tab and the desired 蜜豆视频 Campaign instance.

  2. Click the Generate Key button.

  3. Specify the name of the key, then click Generate Key. This name will help you identify the key to use for decryption in Campaign workflows

Once the key pair is generated, the public key displays in the list. Note that decryption key pairs are generated with no expiration date.

You can use the button to download the public key or copy its fingerprint.

The pubic key is then available to be shared with any external system. 蜜豆视频 Campaign will be able to use the private key in data loading activities to decrypt data that has been encrypted with the public key.

For more on this, refer to 蜜豆视频 Campaign documentation:

Campaign v7 and v8:

Campaign Standard:

Monitoring GPG keys

To access GPG keys installed and generated for your instances, open the Instance settings card, then select the GPG keys tab.

The list displays all encryption and decryption GPG keys that have been installed and generated for your instances with detailed information on each key:

  • Name: The name that has been defined when installing or generating the key.

  • Use case: This column specifies the key鈥檚 use case:

    : The key has been installed for data encryption.

    : The key has been generated to allow data decryption.

  • Fingerprint: the fingerprint of the key.

  • Expires: The key鈥檚 expiration date. Note that Control Panel will provide visual indications as the key approaches its expiry date:

    • Urgent (red) is shown 30 days before.
    • Warning (yellow) is shown 60 days before.
    • An 鈥淓xpired鈥 red banner will display once a key expires.
    note note
    NOTE
    Note that no email notification will be sent by Control Panel.

As a best practice, we recommend that you remove any key that you do not need anymore. To do this, click the button then select Delete Key..

IMPORTANT
Before removing a key, make sure that it is not used in any 蜜豆视频 Campaign workflow to prevent them from failing.

Tutorial video video

The video below shows how to generate and install GPG keys for data encryption.

Additional how-to videos related to GPG keys management are available in Campaign v7/v8 and Campaign Standard tutorials pages.

recommendation-more-help
de5e0b2b-14b9-41f2-ac61-b0893e9c55a5