Creating and wrapping an encryption key

Medallia Experience Cloud uses a cryptographic key to encrypt sensitive text. Some companies choose to provide their own key instead of using one generated by Experience Cloud. This process explains how to generate such a key. It also explains how to wrap the generated key in an encrypted file that hides the true key while the key is in transit to the Experience Cloud instance. This process keeps the key from being compromised in transit.

  1. Generate and download a wrapper key to hide the key in transit.
    Create and download the wrapper key named MedalliaWrapperKey.key.
  2. Generate an AES-256 symmetric key using any appropriate software.
    For example, using openssl to generate a random key in Unix:
    openssl rand -out keyfile.bin 32
  3. Wrap the AES key using the downloaded key (MedalliaWrapperKey.key).
    For example, using openssl to encrypt and wrap the key:
    openssl rsautl -encrypt -inkey MedalliaWrapperKey.key -pubin -in keyfile.bin -out key.bin.enc
  4. Base64 encode the wrapped key.
    For example, using openssl on Unix to Base64 encode the wrapped key:
    openssl base64 -A -in key.bin.enc -out customer.key

The generated key is now encrypted, wrapped, and encoded in a format appropriate to upload into Medallia Experience Cloud. In the examples above, submit the customer.key file generated in the last step.

Provide the wrapped key to the person configuring Medallia Experience Cloud.
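
To rehearse steps 2 to 4 before handling the real wrapper key, the following added example (not Medallia's code) runs the same openssl commands against a throwaway RSA key pair and confirms that the encoded file unwraps to the original key. The 2048-bit test pair and the names test_private.pem, test_public.key, wrap_key, unwrap_matches and rehearse are assumptions; the real MedalliaWrapperKey.key is assumed to be a PEM public key, as the -pubin option in step 3 implies.

```shell
#!/bin/sh
# Added example: rehearse steps 2-4 with a throwaway RSA key pair.
set -eu
umask 077    # key files are created readable by the owner only

# Steps 2-4: generate a 32-byte key, wrap it with the public key in $1,
# and write the single-line Base64 result to $2.
# rsautl is used as in the procedure; OpenSSL 3 marks it deprecated in
# favour of pkeyutl and prints a warning on stderr.
wrap_key() {
  openssl rand -out keyfile.bin 32 &&
  [ $(wc -c < keyfile.bin) -eq 32 ] &&
  openssl rsautl -encrypt -inkey "$1" -pubin -in keyfile.bin -out key.bin.enc &&
  openssl base64 -A -in key.bin.enc -out "$2"
}

# Rehearsal check: decode and unwrap $2 with the private key in $1, then
# compare with keyfile.bin. This works only with the throwaway pair,
# because the private half of the real wrapper key never leaves Medallia.
unwrap_matches() {
  openssl base64 -d -A -in "$2" -out check.enc &&
  openssl rsautl -decrypt -inkey "$1" -in check.enc -out check.bin &&
  cmp -s keyfile.bin check.bin
}

# Build the constructed test pair in a scratch directory and run the flow.
rehearse() {
  cd "$(mktemp -d)" &&
  openssl genrsa -out test_private.pem 2048 2>/dev/null &&
  openssl rsa -in test_private.pem -pubout -out test_public.key 2>/dev/null &&
  wrap_key test_public.key customer.key &&
  unwrap_matches test_private.pem customer.key &&
  echo "round trip OK: $(pwd)/customer.key"
}

rehearse
```

For the real upload, call wrap_key with MedalliaWrapperKey.key as the first argument; the unwrap check cannot be run in that case.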