1. Security Guide
  2. Secure Installation and Configuration
  3. Generating Security Keys

2.12 Generating Security Keys

Oracle Banking Digital Experience supports generating Security Keys required for encryption of sensitive information.

i. Generating Public and Private Key Pair

Oracle Banking Digital Experience supports generating Public and Private Key pair that will be used for encryption of login password on the User Interface.

  1. Login as the Admin user.
  2. Click on menu item “Security” → “Security Keys”
    Description of security15.png follows
    Description of the illustration security15.png

  3. Click on “Generate” for new Public and Private Key Pair generation used for encryption.
    Description of security16.png follows
    Description of the illustration security16.png

  4. Restart the WebLogic server for utilizing the above generated key pair.

    By default the Public and Private key pair is not generated and the password is not encrypted on the User Interface. Once the Key Pair is generated, encryption will be effective after server restart.

    In case of Private key compromise, an Administrator can generate a new Key Pair to mitigate the impact of compromised key.

ii. Generating JWT Encryption Key

Oracle Banking Digital Experience supports generating key that will be used for encryption of JSON Web Token (JWT). The JWT is used as a session token for Alternate login (Fingerprint/Pin/Pattern) on mobile apps.

  1. Login as the Admin user.
  2. Click on menu item “Security” → “Security Keys”.
    Description of security15.png follows
    Description of the illustration security15.png

  3. Click on “Generate” for new encryption key generation used to encrypt JWT.
    Description of security18.png follows
    Description of the illustration security18.png

  4. Restart the WebLogic server for the utilizing the above generated encryption key.

    By default the JWT Encrpytion key is not generated and the JWT is stored in clear text. Once the Encyrption Key is generated, encryption will be effective after server restart.

    In case of JWT encryption key compromise, an Administrator can generate new encyrption key to mitigate the impact of compromised key.

iii.Generating API Key

The API key is a unique identifier that helps authentication server handle non authenticated requests. This is required by asynchronous requests such as File upload, alerts, etc. to communicate with the authentication server. Hence, as a part of Day 1 activity, API Key should be mandatorily generated by clicking the Generate button.

Navigation Path:

From System/ Bank Administrator Dashboard, click Toggle Menu, then click Menu and then click Security. Under Security , click Security Keys, then click API Key.

Figure 2-1 API Key


Description of Figure 2-1 follows
Description of "Figure 2-1 API Key"

Note:

If you change the AES key connector password from Weblogic console, then you need to again generate the API key and take managed server restart.

Parent topic: Secure Installation and Configuration