Using Generated Keys For Encryption

admin 15.04.2020

Oracle Secure Backup enables you to perform the following types of encryption:

Software encryption
Software encryption is supported for hosts that have the Oracle Secure Backup software installed. It is not supported for NDMP hosts or NAS filers. The data that is backed up is encrypted before it is sent over the network to the backup storage media.
When you use software encryption for a backup, all backup image instances associated with this backup are encrypted. If software encryption is not enabled at the time the backup is created, you can encrypt a backup image instance created using the original unencrypted backup if this backup image instance is being stored in a tape device that supports hardware encryption.
See Also:
Oracle Secure Backup Reference for more information about backup encryption when copying backup image instances
Hardware encryption
Hardware encryption is supported only for tape devices that support encryption such as the LTO5 tape drive. The tape device hardware performs the required data encryption.
If a backup that uses hardware encryption is copied to a disk pool, the backup image instance on the disk pool is unencrypted. However, if a backup is created using software encryption, you cannot use hardware encryption for backup image instances created using this backup.

You will have to generate a private and a public encryption key in order to securely send the order information to FastSpring.

Storing keys in a KeyStore can be a measure to prevent your encryption keys from being exposed. Java KeyStores securely contain individual certificates.
I want to use encryption algorithm available in.Net Security namespace, however I am trying to understand how to generate the key, for example AES algorithm needs 256 bits, that 16 bytes key, and some initialization vector, which is also few bytes.
I have recently been learning about public/private key encryption in my computer science lessons, and how it works in terms of data encryption/decryption. We also covered how it can be used for digital signatures. However, we didn't go into too much detail on how the actual keys are generated themselves.

There are two ways on how to generate these keys. The easy way or the long way. The easy way is only possible, if your server is supporting openssl functionalities needed for encryption key generation. These openssl functionalities will be detected by the plugin and so, depending on your server, you will either see the “Generate private and public key” button in the plugin settings page or you wont. If you see the button, then you will be able to use the easy way, if you don’t then please look at the instructions for the long way.

Easy way

click on the “Generate private and public key” button in the plugins settings
if the key generation was successful, dismiss the alert message and download the public-key.pem file, by clicking on the “Download private and public key” link
save the plugin settings
login to your FastSpring dashboard and navigate to Integrations » Store Builder Library. Upload the public-key.pem file to the Public Certificate option.

That’s it! 🙂

I'm generating an encryption key to encrypt some sensitive data with the Rijndael (AES) encryption algoritm.I'm using a guid as key generator. Are these keys 'strong' enough? Note: it is only sensitive for 20 minutes.

Long way

The private and public keys will have to be generated on your computer, so let’s look at how to generate them.

Generate the private/public keys

Create Public Key For Encryption

The generation of these private/public keys differ, depending on which computer operating system you are using. Please follow the instructions for the OS your computer is using.

macOS and Linux

On macOS and on Linux, you should open the terminal program and execute the commands displayed below:

Create a 2048-bit RSA private key. Don’t share this key with anyone, use it only in the EDD FastSpring plugin settings. This key will be used to encrypt the orders. Use this command to generate the privatekey.pem file which will contain your private key. The file will be created in the position, that the terminal is currently located in (usually your home directory).

openssl genrsa -out privatekey.pem 2048

Create a 2048-bit RSA public key. Only share this key with FastSpring. FastSpring will use your public key PEM file publiccert.pem to decrypt the orders. The file will be created in the position, that the terminal is currently located in (usually your home directory). After you run this command a few short questions will be presented to you, which you can skip, by hitting “enter” key for each of them.

Backup Encryption Key

openssl req -new -key privatekey.pem -x509 -days 3650 -out publiccert.pem

The primary key it generates for you never expires. You can, however, set the expiration date on the generated subkeys using the 'Expire' option in the key generation form. Key encryption key (KEK): is an encryption key whose function it is to encrypt and decrypt the DEK. Key management application program interface (KM API): is an application interface that is designed to securely retrieve and pass along encryption keys from a key management server to the client requesting the keys. The processes of inspiration and expiration are vital for providing oxygen to tissues and removing carbon dioxide from the body. Inspiration occurs via contraction of muscles such as the diaphragm, whereas expiration tends to be passive at rest. This process changes slightly when breathing is forced.

Now that you have generated these keys, you have to configure the EDD FastSpring plugin and the FastSpring Dashboard, so look at these instructions in the sections below.

Windows

For generation of these private/public keys your computer needs OpenSSL. Windows does not have that installed by default, so we will have to do that ourselves.

Go to this website: https://slproweb.com/products/Win32OpenSSL.html
In the “Download Win32 OpenSSL” section download the latest appropriate “Light” version of the OpenSSL installer. By “appropriate” I mean the version of Windows you are using (32bit or 64bit). I’m using the 64-bit Windows, so at the time of writing this, the latest version to download is “Win64 OpenSSL v1.1.0f Light”.
Install the downloaded installer file as you would any other windows application (leave the default installation path, because it will be needed later on). In the last step, you can uncheck the donation option and click on “Finish”.

So, the OpenSSL is now installed on your Windows computer and we can generate the private and public keys.

Click on your Windows start button and search for “Command Prompt” (cmd), right click on the “Command Prompt” and choose to “Run as administrator”. Click on “yes”, when the window for the administration conformation pops up.

Copy and paste this command into the cmd and hit enter (this will position the cmd location to your desktop, where we will generate the private/public keys):

cd %userprofile%Desktop

Depending on which version of Windows you have and therefore which version of OpenSSL you installed, you will have to use a specific path to the OpenSSL executable.

By default the paths are:

If you installed the win32 version, the path will be:
C:OpenSSL-Win32binopenssl.exe
If you installed the win64 version, the path will be:
C:OpenSSL-Win64binopenssl.exe

Encryption Key Management Procedure

I’m using the win64 version, so I’ll use that path in the example, if you are using the win32, then just change the “64” in the path to “32”.

C:OpenSSL-Win64binopenssl.exe genrsa -out privatekey.pem 2048

Facebook SDK uses two different keys, one is Debug key which you can use during your development phase and other is Release key which is used once you create a signed application package. Here is a link about how to create debug and release keys. Also check out this SO post. Android Studio Setup. Go to Android Studio New Project Minimum SDK. Select API 15: Android 4.0.3 (IceCreamSandwich) or higher and create your new project. After you create a new project, open Gradle Scripts build.gradle (Project: and do the following: Add the following to the. Generate release key hash for facebook. May 23, 2019 Adding key hash in Facebook developers console is mandatory and if you want to use the Facebook Login in your android mobile application then you have to add the key hash. In this tutorial we would Generate Release key hash for Facebook Login in Android devices. We would generate the key has in our windows system.

Create a 2048-bit RSA public key. Only share this key with FastSpring. FastSpring will use your public key PEM file publiccert.pem to decrypt the orders. After you run this command a few short questions will be presented to you, which you can skip, by hitting “enter” key for each of them.

C:OpenSSL-Win64binopenssl.exe req -new -key privatekey.pem -x509 -days 3650 -out publiccert.pem

Now that you have generated these keys, you have to configure the EDD FastSpring plugin and the FastSpring Dashboard, so look at these instructions in the sections below.

EDD FastSpring settings

Open the privatekey.pem file you generated earlier with a text editor (right-click to the file and choose to open with any text editor like Sublime Text or native text editor of your OS). Copy the content of this file.

Go to your WordPress admin dashboard and navigate to the EDD FastSpring plugin settings (Downloads » Settings » Payment Gateways » FastSpring).

Paste the private key content into the Private encryption key setting. Save the settings.

FastSpring dashboard configuration

Login to your FastSpring dashboard and navigate to Integrations » Store Builder Library. Upload the publiccert.pem file to the Public Certificate option.

If you have any issues with generating these keys or questions, you can always contact our support and we will help you out 🙂