Add encryption to a data file connector

Overview

Totango Customer Data Hub enables you to sync data files from various sources. To keep your data more secure, you can sync and store encrypted data files as part of Totango Shield.
These encrypted files are stored encrypted in Totango internal storage.

The main benefit is that even if the file falls into the wrong hands, it is very hard to read its content since it is encrypted. 

How Does the File Encryption Flow Work?

Syncing an encrypted file to Totango is like sending the file inside a vault rather than sending the file on its own.
The flow for sending encrypted information when a user wants to sync private information to Totango:

  1. Create or use your company's public and private key.
  2. Configure an encrypted connection in Totango using your public key and sender email.
  3. Encrypt your file using these 4 encryption parameters:
    Totango public key, Totango receiver email, your private key, your sender email.
  4. Upload/sync your file to Totango.
  5. Totango will start processing the file but first, encrypt it based on the connector encryption parameters.
  6. Totango saves this file for backups (based on the backup file retention policy) and a user is able to download it. Note, the file is saved encrypted.  

Configure Encrypted Connection In Customer Data Hub

  1. Go to Customer Data Hub and create a new data file connector (like SFTP, Amazon S3, Google Cloud, Dropbox, ...).
  2. After you test and save the connector details (read more about it here), you are able to configure this connection encryption by clicking on the "Add File Encryption" button.  

  3. Add your encryption parameters by typing in the sender email (the one you used for creating the encryption keys) and pasting your public key.
    Click Save to save it.
  4. You will be able to update the key once it has expired, or delete it.

 

How To Encrypt Your File (Step-By-Step Guide)

There are many ways to encrypt your data file. This step-by-step guide will help you prepare the encrypted file from the command line before syncing it to Totango.

  • Download and install the GPG command-line tools for your operating system. We generally recommend installing the latest version available for your operating system.
  • You can check the version and functionality of the utility using the commands
$ gpg --version
$ gpg --help
  • Create user keys
$ gpg --full-generate-key
  • Choose RSA type (the 1st option)
Please select what kind of key you want?
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(14) Existing key from card
  • Choose 4096 key size
What keysize do you want? (2048) 4096
  • Choose 5Y for the key expiration.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
  • Add your real name, email, and a textual passphrase
Real name: your name
Email address: your email 
Enter passphrase: your passphrase
  • Check that the key was generated
$ gpg --list-keys
pub   rsa4096 2020-08-19 [SC] [expires: 2025-08-18]
     xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
uid           [ultimate] YourName <YourEmail>
sub   rsa4096 2020-08-19 [E] [expires: 2025-08-18]
  • Import the Totango public key. Before executing the command, save the public key to a file (example: totango-public-key.txt)
$ gpg --import totango-public-key.txt
  • Check that the Totango key was imported by listing the keys again; it appears alongside your own key
pub   rsa4096 2020-08-19 [SC] [expires: 2025-08-18]
     960958F6F04550ECDB4BDCCDD8C8015FAE2AB696
uid           [ultimate] Yevhen <eugenez@totango.com>
sub   rsa4096 2020-08-19 [E] [expires: 2025-08-18]

pub   rsa4096 2020-08-19 [SCEA] [expires: 2025-08-18]
     B0D97291A4DDC6E987340CD44313C8F6A9BC3D8C
uid           [ unknown] Totango inc. <customer-data-hub@totango.com>
sub   rsa4096 2020-08-19 [SEA] [expires: 2025-08-18]
  • Export the user public key that was generated
$ gpg --output ~/user-public-key.key --export --armor YourEmail

YourEmail is the email entered for creating the keys

  • Encrypt the file as the sender, using the Totango public key.
    It is very important to sign the message by using the --sign option.
$ gpg --encrypt --sign --armor -u SenderEmail -r customer-data-hub@totango.com YourDataFileName.txt


After executing this command, a file with the same name and the extension .asc will be generated
(YourDataFileName.txt.asc)
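
Before running the encrypt command, it helps to confirm that the key imported for customer-data-hub@totango.com is the one you expect and is still usable, because a file encrypted to the wrong key can be read by whoever holds that key's private half, not by Totango. The following is an added example, not part of the original article or Totango's tooling: a shell function (hypothetical name check_recipient_key) that checks gpg's machine-readable key listing. The sample listing is constructed, and the fingerprint is the one shown in the listing above; confirm it against the key Totango publishes.

```bash
#!/bin/sh
# Added example: pre-flight check on the recipient key before encrypting to it.
# Real use (gpg 2.x):
#   gpg --with-colons --list-keys customer-data-hub@totango.com | check_recipient_key "$FPR"
# Usage: check_recipient_key EXPECTED_FINGERPRINT [NOW_EPOCH]   (listing on stdin)
check_recipient_key() (
  # Normalise the expected fingerprint: drop spaces, upper-case the hex digits.
  want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
  now=${2:-$(date +%s)}
  awk -F: -v want="$want" -v now="$now" '
    # pub record: field 2 = validity, 7 = expiry (epoch seconds), 12 = capabilities
    $1 == "pub" { validity = $2; expires = $7; caps = $12; primary = 1; next }
    $1 == "sub" { primary = 0; next }     # fingerprints after "sub" are subkeys
    $1 == "fpr" && primary {              # field 10 = primary key fingerprint
      primary = 0
      if ($10 == want) { found = 1; v = validity; e = expires; c = caps }
    }
    END {
      if (!found)                      { print "FAIL: fingerprint not in listing"; exit 1 }
      if (v ~ /^[rei]$/)               { print "FAIL: validity flag " v; exit 1 }
      if (e != "" && e + 0 <= now + 0) { print "FAIL: key expired"; exit 1 }
      if (c !~ /E/)                    { print "FAIL: no usable encryption capability"; exit 1 }
      print "OK: " want " usable for encryption"
    }'
)

# Constructed sample of colon-format output (not captured from a real keyring).
SAMPLE_LISTING='pub:-:4096:1:4313C8F6A9BC3D8C:1597795200:1755475200::-:::sceaSCEA:
fpr:::::::::B0D97291A4DDC6E987340CD44313C8F6A9BC3D8C:
uid:-::::1597795200::::Totango inc. <customer-data-hub@totango.com>:
sub:-:4096:1:0000000000000001:1597795200:1755475200:::::sea:
fpr:::::::::1111111111111111111111111111111111111111:'

TOTANGO_FPR=B0D97291A4DDC6E987340CD44313C8F6A9BC3D8C  # from the listing in this article

# Same key, two points in time: before and after the expiry date in the listing.
printf '%s\n' "$SAMPLE_LISTING" | check_recipient_key "$TOTANGO_FPR" 1700000000
printf '%s\n' "$SAMPLE_LISTING" | check_recipient_key "$TOTANGO_FPR" 1800000000 || true
```

Run the check in the same script as the encrypt command and stop on a non-zero exit status, so that an expired or substituted recipient key is caught before the file is uploaded.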

 

Important Notes

  • Encryption is enabled for all data file connectors except local files.
  • Encryption is done at the connection level.
  • In an encrypted connection, both encrypted and regular files can be synced.
  • When the user encrypts a file, it must be signed with the user sender email (this is not the native behavior of online tools).
  • Totango public keys and generic information about the Totango key can be found here

 

Limitations

  • The encrypted file is limited to 500GB size.
  • When configuring an integration using an encrypted file, the preview and validation actions can take more time since Totango has to download the entire file to preview the first 10 rows.
