Configuring Encryption Keys

Billing encrypts all payment method data with an asymmetric RSA key.

The private key used for data decryption should be kept on a separate server or otherwise stored securely. The public key is uploaded into the application database and is used for data encryption.

To make data encryption more secure and reliable, and to allow key rotation, two key pairs can be generated.

To keep payment method information encrypted, one public key is sufficient. However, loss of the corresponding private key would make decryption impossible. To avoid this, generate two key pairs. When the second key pair is generated, the data is decrypted with private key 1 and then encrypted with public key 2, so the data is kept in two places, encrypted with two different keys. Even if one private key is lost, the data can be recovered from the other location.

Payment method data can only be stored encrypted. Thus, to store cards in the Billing database, at least one key pair must be generated.

Important: When loaded into Billing, the RSA private key is held in memory only. The private key is dropped when the server where Billing is deployed restarts. Copy and save the key right after generation to avoid accidental key loss.

To make key management more secure, key responsibility can be split between users: one user keeps the private key, another keeps the private key password.

Note: to set up a user with private key management privileges, a special user privilege called KEY_CUSTODIAN is provided. A user assigned the KEY_CUSTODIAN privilege, on logging in to Billing, sees a set of Billing options limited to encryption key management and user password change. For the key owner, this is the only chance to save the private key. The key owner must copy the key and save it into a file, or click Save to Local Disk.
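As an added illustration (not Billing's own code), the following Python models the two-key-pair scheme and the separation of private key and password described above. It uses the `cryptography` library and assumes RSA-OAEP with SHA-256 padding, which the page does not specify.

```python
# Added example, not Billing's code: two RSA key pairs, password-protected
# private keys, and a second encrypted copy of each record for recovery.
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)  # assumed padding

def generate_key_pair(password: bytes):
    """Return (public_pem, private_pem). The private key is stored encrypted
    under `password`, so key and password can be held by different custodians."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    private_pem = key.private_bytes(
        serialization.Encoding.PEM, serialization.PrivateFormat.PKCS8,
        serialization.BestAvailableEncryption(password))
    public_pem = key.public_key().public_bytes(
        serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)
    return public_pem, private_pem

def encrypt(public_pem: bytes, plaintext: bytes) -> bytes:
    return serialization.load_pem_public_key(public_pem).encrypt(plaintext, OAEP)

def decrypt(private_pem: bytes, password: bytes, ciphertext: bytes) -> bytes:
    key = serialization.load_pem_private_key(private_pem, password=password)
    return key.decrypt(ciphertext, OAEP)

def password_accepted(private_pem: bytes, password: bytes) -> bool:
    """The 'Load Password' step: a key loaded without its password stays unusable."""
    try:
        serialization.load_pem_private_key(private_pem, password=password)
        return True
    except ValueError:
        return False

def rotate(private_pem_1, password_1, public_pem_2, ciphertext_1) -> bytes:
    """Second-copy creation: decrypt with private key 1, re-encrypt with public key 2.
    Keep both ciphertexts so either private key alone can recover the record."""
    return encrypt(public_pem_2, decrypt(private_pem_1, password_1, ciphertext_1))

def demo() -> bytes:
    card = b"4111111111111111|12/29"  # constructed sample, not a real card
    pub1, priv1 = generate_key_pair(b"custodian-1-passphrase")
    ct1 = encrypt(pub1, card)
    pub2, priv2 = generate_key_pair(b"custodian-2-passphrase")
    ct2 = rotate(priv1, b"custodian-1-passphrase", pub2, ct1)
    del priv1, ct1  # simulate loss of private key 1 and its copy of the data
    return decrypt(priv2, b"custodian-2-passphrase", ct2)  # recovered from copy 2
```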

In the Billing interface, the two key pairs are called Encryption Key 1 and Encryption Key 2.

Encryption keys are managed under System > Settings > Encryption Keys.

For each of the two key pairs, the Encryption Keys screen displays the following:

Field

Displays

Public Key Status

The current status of the public key, indicating whether data can be encrypted with it. Possible values:

  • Not Used - The key is not generated, or the private key is not loaded. The key cannot be used for data encryption.
  • Not Confirmed - The key is generated, but the private key is not uploaded. This status mostly appears when the private key has been generated for a special user, the key custodian. To make encryption with the public key possible, the private key must be uploaded, which confirms that the private key exists and that encrypted data can be decrypted. The key custodian logs in to Billing, retrieves the private key and uploads it; after this the public key is ready for use.
  • Used - The key is ready to be used, or is already used, for data encryption.

Private Key Status

The private key status, indicating whether the private key is available in Billing. Possible values:

  • Not Loaded - The private key is not loaded into Billing. Data decryption is not possible.
  • Loaded without Password - The private key is loaded into Billing, but the key password has not been entered. The key cannot be used for data decryption until the password is entered.
  • Loaded - The private key is loaded and can be used for data decryption.

Key ID

Unique identifier of the generated key pair, or the status of the key pair. Possible values:

  • A numerical ID, shown if a key pair is generated.
  • Not Generated - The key pair is not generated.

Note: when you save the private key to a file on your local computer, the default file name is PrivateKey_ID.bmk, where ID is replaced with the key pair ID shown in the Key ID field.

Buttons:

Button

Used to:

Generate New Key

Generate a new key pair. The button is enabled only if the key pair is not generated or has been dropped.

Load Private Key

Load the private key into Billing.

Load Password

Load the private key password; this confirms that the private key is available and makes it possible to use the corresponding public key for data encryption. This button is enabled only if the private key is uploaded without a password.

Unload Private Key

Drop the private key from Billing. Payment methods remain encrypted, but their decryption is impossible until a private key is loaded again.

Drop Key

Drop the key pair. Data encrypted with it is also dropped; the copy of the data encrypted with public key 2 is still stored. If the second key is not generated, key 1 cannot be dropped.

Retrieve Private Key

Retrieve the freshly generated private key. This button is shown only to the private key owner, when they log in to Billing to retrieve the private key. The key owner clicks this button, gets the private key displayed, and saves it.