Copyright © TIBCO Software Inc. All Rights Reserved



Credentials Tab for Participants
BusinessConnect uses two methods of public key cryptography:
PKI (Public Key Infrastructure)
This method uses a hierarchical key management system that includes a certification authority (CA). The CA issues digital certificates by binding the identity of a user or a system to a public key with a digital signature. The host can use the trading partner’s public key to authenticate a sender, enable non-repudiation, encrypt a transport, or encrypt a message.
PGP (Pretty Good Privacy)
PGP does not use certificate authorities; instead, each public key is bound to a user name, an e-mail address, or both. A "web of trust" is used to establish the authenticity of the binding between a public key and its owner. In BusinessConnect, PGP keys are used for message signatures and encryption on the FTP, FTPS, and SSHFTP transports.
To learn how to work with keys, you can use the samples provided with this program in the directory BC_HOME/samples/keys. The password for these sample keys is Password1.
Managing Host Credentials
There are several credentials available for a host that can be uploaded using the Credentials tab:
New Private Key
To upload a private key for the host, perform these steps:
1. Expand BusinessConnect > Participants > host > Credentials tab.
2. Click New Private Key.
3.
4. Browse and navigate to the file containing the private key and click OK.
5. Click set next to Password.
   Type the password (required for private keys) in the Enter Password and Enter Password Again fields.
   If you are using any of the sample keys provided in the directory BC_HOME\samples\keys, the password is "Password1".
6. Click OK and Save.
The new private key for the host is now listed in the Credential Name list.
New SSH Private Key
SSH keys are used to support the SSHFTP transport in BusinessConnect.
To upload an SSH private key, perform these steps:
1. Expand BusinessConnect > Participants > host > Credentials tab.
2. Click New SSH Private Key.
   Type the name of the key in the Alias field.
3. Browse and navigate to the file containing the SSH private key and click OK.
4. Click set next to Password.
   Type the password (required for private keys) in the Enter Password and Enter Password Again fields.
5. Click OK and Save.
The new SSH key for the host is now listed in the Credential Name list.
Generating New PGP Key Pairs
TIBCO BusinessConnect can create new PGP key pairs for users and store them in the certificate store. Each key pair contains a private and a public key and can have a key size of 1024 or 2048 bytes. The key types are DSA and ElGamal, or RSA; both types allow encryption and signing. Each key pair also contains the name of the private key owner and that owner's email address.
The new PGP keys are automatically imported into the TIBCO BusinessConnect configuration store and associated with the host.
1. Expand BusinessConnect > Participants > host > Credentials tab.
2. Click New PGP Private Key.
3.
Generating a New Key Pair
This option generates both a private and a public key. When a key pair generated this way is exported, either as binary files or in the ASCII Armor format, both keys are exported at the same time.
DSA and ElGamal: Both created keys, private and public, support signing using the DSA algorithm and encryption using the ElGamal algorithm.
RSA Key Pair: Both created keys, private and public, support signing and encryption using the RSA algorithm.
Uploading from a File
When you export a private key that was uploaded for the host, the only option is to export the private key itself, without the public part.
Importing from ASCII Armor
Users can import a PGP key pair for the host partner in two ways:
Importing from the ASCII armor allows you to import both the private and public PGP key. In the Import from ASCII Armor window, enter data as explained in Table 5.
All PGP keys, generated or uploaded/imported, will be available in the Edit Host Participant window.
Assigning a Shadow Key for the Host
To assign a shadow key, follow these steps:
1. Expand BusinessConnect > Participants > host > Credentials tab.
   Figure 2 Editing Host Participant: Credentials Tab
2. The Edit Private Key dialog is displayed.
3. In the Shadow Settings area, select the Activation date for shadow key using the three menus. This date has to be chosen before the first key is about to expire. From the Shadow Key list, select the key you would like to use as replacement, such as hostsPrivateKey.
4. Click Save.
After the shadow key takes effect, it is still a shadow key. You have to remove or update the original credential and remove or promote the shadow key.
Managing Partner Credentials
There are several credentials available for a partner that can be uploaded using the Credentials tab:
New Certificate
To upload a new certificate key for the partner, perform these steps:
1. Expand BusinessConnect > Participants > partner > Credentials tab.
2. Click New Certificate.
   Type the name of the key in the Alias field.
3. Browse and navigate to the file containing the certificate and click OK.
4. Click Save.
The new certificate for the partner is now listed in the Credential Name list.
New SSH Public Key
SSH keys are used to support the SSHFTP transport in BusinessConnect.
To upload an SSH public key, perform these steps:
1. Expand BusinessConnect > Participants > partner > Credentials tab.
2. Click New SSH Public Key.
   Type the name of the key in the Alias field.
3. Browse and navigate to the file containing the SSH private key and click OK.
4. Click Save.
The new SSH key for the partner is now listed in the Credential Name list.
New PGP Public Key
When a user creates a PGP key pair for a host, it is automatically imported into the TIBCO BusinessConnect configuration store as a Server PGP key pair and is associated with the host. For the partner, users can only upload or import the public portion of a PGP key pair, which is normally received from the trading partner.
5. Expand BusinessConnect > Participants > partner > Credentials tab.
6. Click New PGP Public Key.
   The New PGP Public Key dialog opens.
7.
8. Click Save.
Assigning a Shadow Certificate for the Partner
To assign a shadow certificate:
1. Expand BusinessConnect > Participants > partner > Credentials tab.
   Figure 3 Editing Partner Participant, Credentials Tab
2. The Edit Certificate dialog is displayed.
3. In the Shadow Settings area, select Activation date for shadow Certificate using the three menus. This date has to be chosen before the first certificate is about to expire.
4.
5. Click Save.
After the shadow certificate takes effect, it is still a shadow certificate. You have to remove or update the original certificate and remove or promote the shadow certificate.
Exporting PGP Keys
PGP keys can be exported in two formats:
Binary: With this format, the key content is saved directly into a file.
ASCII Armor: With this format, both the private and the public keys are base64 encoded and wrapped with a PGP-specific header and footer. The text boxes that contain the ASCII Armor encoded key parts are editable.
Users can export either the public or the private portion of the PGP key pair, but these two portions of a key pair are always exported separately. Users also have an option to copy the contents of the public key in ASCII Armor format from the screen.
Exporting the Host’s PGP Key Pair in a Binary Format
To export a PGP key pair in a binary format:
1. In the BusinessConnect > Participants > Host > Credentials tab, select the check box next to the PGP private key you want to export.
2. Click Export.
3.
   a. Click set next to the Private Key Password.
   b.
4.
5. Save the file key_name_pgp.priv to the desired location.
6.
7. Save the file key_name_pgp.pub to the desired location.
Exporting the Partner’s PGP Public Key in a Binary Format
To export an uploaded public PGP Key in a binary format:
1. In the BusinessConnect > Participants > Partner > Credentials tab, select the check box next to the PGP public key you want to export.
2. Click Export.
3.
4. Save the file key_name_pgp.pub to the desired location.
Exporting the Host’s PGP Key Pair in the ASCII Armor Format
To export the host’s PGP key pair in the ASCII Armor format:
1. In the BusinessConnect > Participants > Host > Credentials tab, click the link for the PGP private key you want to export.
2. These text blocks can be pasted to export the key pair to another location. Users can copy the public key from the PGP Public Key text box, paste it into an email message, and send it to their trading partners.
The text boxes that contain key parts are editable. An example of the private PGP key exported in the ASCII Armor format looks as follows:

 
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: BCPG v1.46

[base64-encoded key data omitted]
=EsBt
-----END PGP PRIVATE KEY BLOCK-----
 

 
An example of the public PGP key exported in the ASCII Armor format looks as follows:

 
 
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG v1.46

[base64-encoded key data omitted]
=QoV7
-----END PGP PUBLIC KEY BLOCK-----
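
Because the ASCII Armor text boxes are editable and the public block is meant to be pasted into email, it is worth checking a block before it is sent or imported. The following is an added example, not TIBCO code: it follows the armor layout of RFC 4880 section 6 (header line, base64 body, a final "=XXXX" CRC-24 line, footer), verifies the checksum, and reports whether the block is a public or a private key. The function names and the 100-byte sample payload are constructed for illustration.

```python
import base64
import re

def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1 (the '=XXXX' line of an armor block)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def parse_armor(text: str):
    """Return (kind, payload) for one key block; raise ValueError if damaged."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    m = re.fullmatch(r"-----BEGIN PGP (PUBLIC|PRIVATE) KEY BLOCK-----",
                     lines[0] if lines else "")
    if not m or lines[-1] != f"-----END PGP {m.group(1)} KEY BLOCK-----":
        raise ValueError("missing or mismatched armor header/footer")
    inner = lines[1:-1]
    if "" in inner:  # armor headers ("Version: ...") end at the first blank line
        inner = inner[inner.index("") + 1:]
    if not inner or not re.fullmatch(r"=[A-Za-z0-9+/]{4}", inner[-1]):
        raise ValueError("missing CRC-24 line")
    payload = base64.b64decode("".join(inner[:-1]), validate=True)
    expected = int.from_bytes(base64.b64decode(inner[-1][1:]), "big")
    if crc24(payload) != expected:
        raise ValueError("CRC-24 mismatch: armor text was altered")
    return m.group(1), payload

def safe_to_send(text: str) -> bool:
    """True only for an intact PUBLIC KEY block (never a private one)."""
    try:
        return parse_armor(text)[0] == "PUBLIC"
    except ValueError:
        return False

def armor(kind: str, payload: bytes) -> str:
    """Build an armor block; used here only to construct sample input."""
    body = base64.b64encode(payload).decode()
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    wrapped = "\n".join(body[i:i + 64] for i in range(0, len(body), 64))
    return (f"-----BEGIN PGP {kind} KEY BLOCK-----\nVersion: BCPG v1.46\n\n"
            f"{wrapped}\n={crc}\n-----END PGP {kind} KEY BLOCK-----\n")

# Constructed sample: 100 arbitrary bytes, not a real OpenPGP key.
SAMPLE = bytes(range(100))
if __name__ == "__main__":
    print(safe_to_send(armor("PUBLIC", SAMPLE)), safe_to_send(armor("PRIVATE", SAMPLE)))
```

This checks the armor layer only; it does not parse or validate the OpenPGP packets inside the payload.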

 
Exporting the Partner’s PGP Public Key in the ASCII Armor Format
To export the partner’s PGP public key in the ASCII Armor format:
1. In the BusinessConnect > Participants > Partner > Credentials tab, click the link for the PGP public key you want to export.
2. Users can copy the public key from the PGP Public Key text box, paste it into an email message, and send it to their trading partners.
The text boxes that contain key parts are editable. An example of the public PGP key exported in the ASCII Armor format looks as follows:

 
 
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG v1.46

[base64-encoded key data omitted]
=QoV7
-----END PGP PUBLIC KEY BLOCK-----

 
