Encrypting a File with the WFM PGP Key

To ensure a secure import process, you must encrypt your import files with a third-party encryption tool that is supported and tested by WFM.

For more information on the tool that is supported, see Supported PGP Encryption Tools.

To encrypt an import file with the WFM PGP key:

  1. As a system administrator user within WFM, navigate to Maintenance > System Administration > PGP Key Generator.
    If you see the following message, no PGP key has been generated: There is no public key available. Please generate a key if PGP encryption is being used.
  2. Specify an identity value for the key that you will generate in the system/WORKBRAIN_PARAMETERS/PGP_KEY_IDENTITY_VALUE registry parameter. Specifying an identity value allows you to differentiate your keys in different environments. If you ever change the identity value that you specify in the registry parameter, you will need to generate a new key in the WFM application.

    For more information on the system/WORKBRAIN_PARAMETERS/PGP_KEY_IDENTITY_VALUE registry parameter, see Infor Workforce Management Registry Parameter Reference Guide.

  3. To generate a PGP key which you will use to encrypt your import files, click Generate a New Key.
    A new key should now be visible within WFM. Within the WFM database, the PGP public and private keys are encrypted using the master keystore file and stored in the WFM database as an ASCII base 64 CLOB. The CLOB contains both public and private PGP keys.
    Note: If you have not configured your WFM environment for a master keystore file as outlined in Setting Up the Master Keystore File for WFM in the Infor Workforce Management Installation and Configuration Guide, you will get an application error at this point if you click Generate a New Key.

    Each time you generate a new PGP key, you must use the new key to encrypt the files that you are importing into WFM. The previous PGP key generated in WFM is no longer valid.

  4. To export the key, click Export Key
    The displayed public key is saved to a public.asc file. This file is a PGP public key that will be used to encrypt your WFM import file. The private key is saved to the Sensitive Data Configuration form with a configuration type of PGPIMPORTPRIVATEKEY.
  5. Next, use your supported encryption tool and the PGP public key generated and exported from WFM to encrypt your import files.

    As an example, on Windows you can use the GPG4win client (named Kleopatra) to encrypt your files using text output (ASCII armor) with the PGP public key that you exported from WFM. A similar process is used for the Linux distribution of this tool. For more information on the tools supported by WFM to encrypt a file, see Supported PGP Encryption Tools.

  6. After the file is encrypted it will have a *.asc file extension in addition to the file extensions it already had. If you open the file in a text editor, it will appear as ASCII format (Base 64 encoding).
After your files are encrypted with the PGP public key from WFM, you can set up a Job Scheduler task to import the files. For information on how to do this, see Importing an Encrypted File into WFM.