Creating and wrapping an encryption key
Medallia Experience Cloud uses a cryptographic key to encrypt sensitive text. Some companies choose to provide their own key instead of using one generated by Experience Cloud. This process explains how to generate such a key. It also explains how to wrap the generated key in an encrypted file that hides the true key while the key is in transit to the Experience Cloud instance. Wrapping keeps the key from being compromised in transit.
- Generate and download a wrapper to hide the key in transport. Create and download the wrapper key named MedalliaWrapperKey.key.
- Generate an AES-256 symmetric key using any appropriate software. For example, using openssl to generate a random key in Unix:
openssl rand -out keyfile.bin 32
- Wrap the AES key using the downloaded key (MedalliaWrapperKey.key). For example, using openssl to encrypt and wrap the key:
openssl rsautl -encrypt -inkey MedalliaWrapperKey.key -pubin -in keyfile.bin -out key.bin.enc
- Base64 encode the wrapped key. For example, using openssl base64 on Unix to encode the key:
openssl base64 -A -in key.bin.enc -out customer.key
The generated key is now encrypted, wrapped, and encoded in a format appropriate to upload into Medallia Experience Cloud. In the examples above, submit the customer.key file generated in the last step.
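
The steps above as one script with length and format checks, rehearsed against a throwaway RSA key pair so the unwrap can be verified locally. This is an added example, not Medallia's code: the function names, the stand-in key pair and the PEM format of the wrapper key are assumptions. With the real MedalliaWrapperKey.key only `wrap_key` applies, because you do not hold the matching private key.

```shell
#!/bin/sh
# Added example (not Medallia's code): the page's steps with sanity checks.
set -eu

# wrap_key PUBKEY KEYFILE OUTFILE
# Generate a 32-byte key, wrap it with the RSA public key, Base64 encode it.
# Runs in a subshell so the umask change does not leak to the caller.
wrap_key() (
    umask 077                                   # new files readable by owner only
    openssl rand -out "$2" 32 || exit 1
    [ "$(wc -c < "$2")" -eq 32 ] || { echo "key is not 32 bytes" >&2; exit 1; }
    openssl rsautl -encrypt -pubin -inkey "$1" -in "$2" -out "$2.enc" || exit 1
    openssl base64 -A -in "$2.enc" -out "$3" || exit 1
    rm -f "$2.enc"                              # binary ciphertext no longer needed
    [ "$(wc -l < "$3")" -le 1 ]                 # -A must produce a single line
)

# unwrap_matches PRIVKEY WRAPPED KEYFILE
# Succeeds only if WRAPPED decrypts to exactly the bytes in KEYFILE.
unwrap_matches() {
    tmp=$(mktemp -d) st=0
    { openssl base64 -d -A -in "$2" -out "$tmp/enc" &&
      openssl rsautl -decrypt -inkey "$1" -in "$tmp/enc" -out "$tmp/key" &&
      cmp -s "$tmp/key" "$3"; } || st=$?
    rm -rf "$tmp"
    return "$st"
}

# rehearse: full dry run against a constructed stand-in key pair.
rehearse() {
    d=$(mktemp -d) rc=0
    { openssl genrsa -out "$d/priv.pem" 2048 2>/dev/null &&
      openssl rsa -in "$d/priv.pem" -pubout -out "$d/MedalliaWrapperKey.key" 2>/dev/null &&
      wrap_key "$d/MedalliaWrapperKey.key" "$d/keyfile.bin" "$d/customer.key" &&
      unwrap_matches "$d/priv.pem" "$d/customer.key" "$d/keyfile.bin"; } || rc=$?
    rm -rf "$d"
    return "$rc"
}

rehearse && echo "rehearsal OK: wrapped key unwraps to the generated key"
```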