CA Payment Security PGP key expiring on Jan 21, 2017

Document ID : KB000005170
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

The current CA Payment Security PGP Public key in your system will expire on January 21, 2017. Customers may not be able to use this key for encrypting data upload files after this date, thus impacting the ability to upload cardholder data.

Background

A CA Payment Security PGP keys are used by CA Payment Security customers to encrypt cardholder data files prior to being consumed by CA Payment Security (Transaction Manager) solution. These cryptographic keys used in a PCI environment and are required to be changed every few years to limit the risk that the keys can be compromised or stolen. This article details the need for customers to update CA Payment Security PGP Public key that will expire on January 21, 2017. 

Environment:
Production
Cause:

CA Payment Security PGP key expiration on January 21, 2017. 

Resolution:

Customers must update the provided CA Payment Security PGP Public key (embedded in this KB article) in their systems on or before January 20, 2017. Depending on the software you use for PGP key management, the commands to import CA Payment Security PGP key may be different. here are pointers for some applications used for PGP

a)      GnuPG

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Step_by_Step_Guide/s1-gnupg-import.html

b)      Symantec Encryption Desktop for Windows

https://support.symantec.com/en_US/article.HOWTO42073.html

c)      PGP Command Line

https://support.symantec.com/en_US/article.TECH149827.html

d)      Authora

http://www.authora.com/documents/EDGEUserGuide.pdf Page#31

e)      GoAnywhere

 

https://www.goanywhere.com/openpgp-studio/documentation/key-manager

Additional Information:

FAQs:

1. What is PGP and why do we use it?

Answer: Please review the posting at: https://communities.ca.com/people/chama30/blog/2017/01/05/pgp-encryption for information on PGP and why we need to use it?

2. What is this key used for?

Answer: The public key is used for encrypting data to be shared with CA Payment Security Operations team, most commonly cardholder data to upload in CA Transaction Manager.

3. Why do we need to update PGP key?

Answer: All cryptographic keys used in a PCI environment must be changed every few years, because if the key is compromised or stolen the damage will be limited.

4. How do I verify that key was updated successfully?

Answer: The current CA Payment Security Operations PGP Public Key is identified by

pub   1024D/90B25884 2012-01-23 [expires: 2017-01-21]

      Key fingerprint = 7865 809D 9FCD 75C0 B127 A6BF 0B78 4DD8 90B2 5884

uid                  Arcot <arcot@ca.com>

uid                  Arcot Operations (Transfort) <Team-ArcotOPS_DL@ca.com>

sub   2048g/669ADB15 2012-01-23 [expires: 2017-01-21]

 

Once the new Key is imported, this can be identified by

pub   1024D/90B25884 2012-01-23 [expires: 2019-03-06]

      Key fingerprint = 7865 809D 9FCD 75C0 B127 A6BF 0B78 4DD8 90B2 5884

uid                  Arcot Operations (Transfort) <Team-ArcotOPS_DL@ca.com>

uid                  Arcot <arcot@ca.com>

sub   2048g/669ADB15 2012-01-23 [expires: 2019-03-06]

 

5. Do I need to do anything after import?

Answer: You must verify trust on the updated public key for more information about trusting a pgp key refer https://www.gnupg.org/gph/en/manual/x334.html If the key is not trusted, the software will prompt you for confirmation when using it, this may break your automated process.

6. Where can I find the new PGP Public Key?

Answer: You can find it embedded in this document.

7. For more questions on this topic, who could we reach out to?

 

 

Answer: For any questions or concerns related to this schedule, please contact your Primary Project Manager or the CA Project Management team at Team-Arcot-PM@ca.com. For all production issues identified during upgrade and post upgrade, please contact the CA Support team by phone at 1-866-992-7268 (or your Regional Support Contact) or by opening a support request at support.arcot.com.

File Attachments:
TEC1823125.zip