Question
Lloyds Banking Group PLC
GB
Last activity: 9 Jan 2019 9:59 EST
Site-Specific cipher
We have generated a site specific cipher following the instructions in the below pdn article -
https://community.pega.com/knowledgebase/articles/creating-custom-cipher-pega-platform
Questions asked of us -
1) Where are the keys stored for encryption and decryption?
2) What can we do about key rotation with this site-specific cipher approach for encryption?
Lloyds Banking Group PLC
GB
Updated: 9 Jan 2019 3:47 EST
Lloyds Banking Group PLC
GB
Would really appreciate if anyone who has implemented the site specific cipher answer the above questions?
CollabPartnerz
IN
Please find below link might help you
https://community1.pega.com/community/pega-product-support/question/site-specific-cipher-prpc-61
Lloyds Banking Group PLC
GB
Thank you.
Unfortunately, the link doesn't answer my 2 questions though. We have had no issues in generating the cipher and using it.
We have been asked those 2 questions by our security architects and I've given them responses based on my understanding but I would like someone from the pega community who has got expertise on how the site specific cipher works internally to help us.
Elaborating a bit more - We are going to use this cipher to encrypt credentials we have stored in our reference table for the api's we connect to and decrypt them before sending the request.
Essentially, only the where it is saved is encrypted and not in the request being sent out of the application. And we are not encrypting BLOB or anything else using this cipher.
We are using Pega 7.3.1 on WAS 8.5.x and Oracle 11g