To enable encryption it is required that the encryption keys be setup on the Purplecube Agents involved in data extraction and load. Purplecube extracts data from source as is, in raw readable format. There are mainly two scenarios when you would want to encrypt the extracted data:

1. When the Agent used to connect to source and target are geographically separated and the data needs to be transferred through open network

2. When the target is a file and needs to be encrypted and stored. Purplecube provides an option to encrypt and secure the extracted data.

Follow below steps to configure the encryption keys.

Step I: Generate the encryption keys. 

  • Use Purplecube's CLI command, dicmd genkey rsa|pgp|aes, to generate the encryption keys. When generating the key, the command will prompt to provide an Agent name. Based on the scenario for which the encryption key is generated this will vary.

1. When encrypting the source data for agent to agent data transfer then, this will be the name of the target Agent used to load the data.

2. When only single agent is involved and the target in the job is encrypted file then, this will be the name of the single Agent. 

  • You can generate the AES key or PGP key. The AES key generated can be further encrypted using dicmd encrypt option. For this, you need to generate the RSA public-private key using the genkey option and then, use the CLI command, dicmd encrypt -f aesKeyFile -k rsaPublicKeyFile, to encrypt the generated AES/PGP key. 
  • For more information on generating these keys, refer the page Working with dicmd command.

Step II: Setting up keys on the Purplecube Agents

  • For Purplecube to encrypt the extracted data at source Agent and then decrypt at target Agent, the keys generated in the prior step needs to be placed under the Agent installation path. The encryption key file is required to be placed on all the Agents involved in extraction and load from system to another. 
  • When using AES keys then,
    • If key is not encrypted using RSA public key then, the [AgentName]_diaes.key generated should be placed at $Purplecube_HOME/agent/keys folder under the source and target Agent installation.
    • If key is encrypted using RSA public key then, the [AgentName]_diaes_enc.key and diprivate.key generated should be placed at $Purplecube_HOME/agent/keys folder under the target Agent installation and the [AgentName]_diaes_enc.key and dipublic.key generated should be placed at $Purplecube_HOME/agent/keys folder under the source Agent installation.
  • When using the PGP key the [AgentName]_secretKey.key generated should be placed at $Purplecube_HOME/agent/keys folder under the source Agent installation and PGPdiprivate.key should be planed at $Purplecube_HOME/agent/keys folder under the target Agent installation.

Once the above setup is completed, you can enable encryption in the extraction properties of data point, source instance in data flow or source instance in data flow instance in job flow. Similarly, you can enable or disable the decryption in case of file target in the load properties of the file data point, target instance in data flow or target instance in data flow instance in job flow. For more details on this, refer pages Working with Data PointWorking with Data Flow and Working with Job Flow.