Configuring Encryption Keys
Billing encrypts all payment method data with an asymmetric RSA key.
The private key, used for data decryption, should be placed on a separate server or otherwise stored securely. The public key is uploaded into the application database and is used for data encryption.
To make data encryption more secure and reliable, and to allow key rotation, two key pairs can be generated.
To keep payment method information encrypted, one public key is sufficient. However, losing the corresponding private key would make decryption impossible. To avoid this, generate two key pairs. When the second key pair is generated, the data is decrypted with private key 1 and then encrypted with public key 2, so the data is kept in two places, encrypted with two different keys. Even if one private key is lost, the data can be recovered from the other location.
Payment method data can only be stored encrypted. Thus, to store cards in the Billing database, at least one key pair must be generated.
Important: When loaded into Billing, the RSA private key is held in memory only. The private key is dropped when the server where Billing is deployed restarts. Copy and save the key right after generation to avoid accidental key loss.
To make key management more secure, key responsibility can be split between users: one user stores the private key, and another user stores the private key password.
Note: to set up a user with private key management privileges, a special user privilege called KEY_CUSTODIAN is provided. A user assigned the KEY_CUSTODIAN privilege sees, on logging in to Billing, a set of Billing options limited to encryption key management and user password change. For the key owner, this is the only chance to save the private key: the key owner must copy the key and save it into a file, or click Save to Local Disk.
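The two-key-pair scheme described above, as an added example that is not Billing's own code: a payment method is encrypted under public key 1, rotated so that a second copy exists under public key 2, and then recovered with private key 1 treated as lost. It uses RSA-OAEP from Go's standard library; the record type and the test card number are constructed for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// EncryptedRecord is one payment method held in the two places the guide describes:
// a copy under public key 1 and a copy under public key 2 (constructed example type).
type EncryptedRecord struct{ UnderKey1, UnderKey2 []byte }

func encrypt(pub *rsa.PublicKey, pt []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, pt, nil)
}

func decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Rotate is the step taken when the second pair is generated: decrypt with key 1, re-encrypt with key 2.
func Rotate(priv1 *rsa.PrivateKey, pub2 *rsa.PublicKey, rec *EncryptedRecord) error {
	pt, err := decrypt(priv1, rec.UnderKey1)
	if err == nil {
		rec.UnderKey2, err = encrypt(pub2, pt)
	}
	return err
}

// Recover uses whichever private key is still loaded; a nil key models one that was unloaded or lost.
func Recover(priv1, priv2 *rsa.PrivateKey, rec *EncryptedRecord) ([]byte, error) {
	switch {
	case priv1 != nil && rec.UnderKey1 != nil:
		return decrypt(priv1, rec.UnderKey1)
	case priv2 != nil && rec.UnderKey2 != nil:
		return decrypt(priv2, rec.UnderKey2)
	}
	return nil, fmt.Errorf("no loaded private key can decrypt this record")
}

func main() {
	priv1, _ := rsa.GenerateKey(rand.Reader, 2048)
	priv2, _ := rsa.GenerateKey(rand.Reader, 2048)
	ct, _ := encrypt(&priv1.PublicKey, []byte("4111111111111111")) // constructed test PAN
	rec := &EncryptedRecord{UnderKey1: ct}
	_ = Rotate(priv1, &priv2.PublicKey, rec)
	pt, err := Recover(nil, priv2, rec) // private key 1 lost, key 2 still loaded
	fmt.Println(string(pt), err)
}
```

Without the rotation step there is no copy under key 2, which is why losing private key 1 before the second pair exists is unrecoverable.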
In the Billing interface, the two key pairs are called Encryption Key 1 and Encryption Key 2.
Encryption keys are managed under System > Settings > Encryption Keys.
For each of the two key pairs, the Encryption Keys screen displays the following:

Field | Displays
---|---
Public Key Status | The current status of the public key, indicating whether data can be encrypted using this key. Possible values:
Private Key Status | The status of the private key, indicating whether the private key is available in Billing. Possible values:
Key ID | Unique identifier of the generated key pair, or the status of the key pair. Possible values: Note: when you save the private key to a file on your local computer, the default file name is as follows:
Buttons:

Button | Used to
---|---
Generate New Key | Generate a new key pair. The button is enabled only if the key pair has not been generated or has been dropped.
Load Private Key | Load the private key into Billing.
Load Password | Load the private key password; this confirms that the private key is available and makes it possible to use the corresponding public key for data encryption. This button is enabled only if the private key was uploaded without a password.
Unload Private Key | Drop the private key from Billing. Payment methods remain encrypted, but decrypting them is impossible until a private key is loaded again.
Drop Key | Drop the key pair. Data encrypted with it is also dropped; the copy of the data encrypted with public key 2 is still stored. If the second key has not been generated, key 1 cannot be dropped.
Retrieve Private Key | Retrieve the freshly generated private key. This button is shown only to the private key owner, when they log in to Billing to retrieve the private key. The key owner clicks this button, is shown the private key, and saves it.