Add encryption to a data file connector

To keep your data more secure, you add encryption to a connection in Customer Data Hub. Syncing encrypted files to Totango is more like sending a file within a vault instead of sending a file. Encrypted files will be stored encrypted in Totango internal storage.

What you need to know

  • Encryption is enabled for all data file connectors except local files.
  • Encryption is enabled at the connection level.
  • Integration jobs that use an encrypted connection support both encrypted and regular files.
    mceclip0.png
  • Encrypted files must be signed with the user sender email (this is not the native behavior of online tools).
  • When configuring an integration using an encrypted file, the preview and validation actions can take more time (i.e., Totango has to download the entire file to preview the first 10 rows).
  • Encrypted files are limited to 500GB in size.

Learn more about public keys and Totango key generic information

The encryption flow

The encryption flow is as follows:

  1. Create or use your company's public and private key.
  2. Configure an encrypted connection in Totango using your public key and sender email.
  3. Encrypt your file using these 4 encryption parameters:
    • Totango public key
    • Totango receiver email
    • Your private key
    • Your sender email
  4. Upload/sync your file to Totango.
  5. Totango will start processing the file but first encrypt it based on the connector encryption parameters.
  6. Totango saves this file for backups (based on the backup file retention policy), and you can download it. The file is saved encrypted.

Configure an encrypted data file connection

  1. Configure a data file connection in Customer Data Hub.
  2. After you test and save the connector details, click Add File Encryption.
  3. Add your encryption parameters by typing in the sender email (the one you used for creating the encryption keys), and paste your public key.
  4. Click Save Encryption.
    mceclip1.png

You can update the key once it is expired or to delete it.
mceclip2.png

Encrypt your data file

There are many ways to encrypt your data file. The following steps use command line to prepare an encrypted file for an integration job with Totango.

  1. Download and install the GPG command-line tools for your operating system. 

    You can check the version and functionality of the utility using the command

    $gpg --version
    $gpg --help
  2. Create user keys.
    $gpg --full-generate-key
  3. Choose RSA type (the 1st option).
    Please select what kind of key you want?
    (1) RSA and RSA (default)
    (2) DSA and Elgamal
    (3) DSA (sign only)
    (4) RSA (sign only)
    (14) Existing key from card
  4. Choose 4096 key size.
    What keysize do you want? (2048) 4096
  5. Choose 5Y for the key expiration.
    Please specify how long the key should be valid.
    0 = key does not expire
    <n> = key expires in n days
    <n>w = key expires in n weeks
    <n>m = key expires in n months
    <n>y = key expires in n years
    Key is valid for? (0)
  6. Add you real name, email, and a textual passphrase
    Real name: your name
    Email address: your email 
    Enter passphrase: your passphrase
  7. Check that key was generated
    $gpg --k
    pub   rsa4096 2020-08-19 [SC] [expires: 2025-08-18]
         xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    uid           [ultimate] YourName <YourEmail>
    sub   rsa4096 2020-08-19 [E] [expires: 2025-08-18]
  8. Import Totango public key. Before executing the command, you need to put the public key in the file (example: totango-public-key.txt)
    $gpg --import totango-public-key.txt
  9. Check Totango key was imported.
    pub   rsa4096 2020-08-19 [SC] [expires: 2025-08-18]
         960958F6F04550ECDB4BDCCDD8C8015FAE2AB696
    uid           [ultimate] Yevhen <eugenez@totango.com
    sub   rsa4096 2020-08-19 [E] [expires: 2025-08-18]

    pub   rsa4096 2020-08-19 [SCEA] [expires: 2025-08-18]
         B0D97291A4DDC6E987340CD44313C8F6A9BC3D8C
    uid           [ unknown] Totango inc. <customer-data-hub@totango.com>
    sub   rsa4096 2020-08-19 [SEA] [expires: 2025-08-18]
  10. Export user public key that was generated.
    $gpg --output ~/user-public-key.key --export --armor YourEmail
  11. YourEmail is the email entered for creating the keys.

  12. Encrypt messages by the user and using the Totango public key.

    It's important to sign the message by using the command --sign

    $gpg --encrypt --sign --armor -u SenderEmail -r customer-data-hub@totango.com YourDataFileName.txt

After executing this command, a file with the same name with extension asc will be generated: YourDataFileName.txt.asc

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request