Preparing to Use the Profile Key Manager
Before you can use the Profile Key Manager (PKM) to encrypt your data or to change the keys, you must follow the procedure that is outlined in this topic.
To prepare to use the Profile Key Manager
1. Build an application runtime. When you deploy an application that uses encryption in the Profiles service, you should have a global repository that stores the following:
   - The current keyIndex value (either 1 for privateKey1 or 2 for privateKey2), which identifies the private key currently in use.
   - The publicKey for encryption and the current private key for decryption (publicKey/privateKey1).
   - The publicKey for encryption and the prior private key for decryption (publicKey/privateKey2).
2. Generate new keys. This generates a new publicKey/privateKey pair.
3. Deny updates. Make sure that the application code contains logic that denies edits and updates to the encrypted properties of a profile when that profile's keyIndex property is not equal to the current global keyIndex value.
4. Update the application runtime. You must update the application runtime with the new key information. In the application runtime, change the values of the global keyIndex, publicKey, and privateKey to the new values.
5. Update the stored data. Reinitialize the Profiles service to use the new values.
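The key repository and keyIndex rule from the procedure above, as an added Python model that is not Commerce Server code: two key slots, a global keyIndex, rotation into the prior slot, the deny-updates check, and re-encryption of stored data under the current key. The HMAC-keystream cipher and every name here are stand-ins for the real publicKey/privateKey pair and the PKM API.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass, field

def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption, not PKM's): XOR with an HMAC-SHA256 counter keystream.
    Symmetric and unauthenticated; it only plays the part of the publicKey/privateKey pair."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

@dataclass
class KeyRepository:
    """Global repository: slots 1 and 2 each hold a key; key_index names the current slot."""
    keys: dict = field(default_factory=lambda: {1: secrets.token_bytes(32), 2: secrets.token_bytes(32)})
    key_index: int = 1

    def rotate(self) -> None:
        """Generate a new key into the prior slot and make it current. The old current key
        stays as the prior key (decryption only) until the next rotation overwrites it."""
        prior = 2 if self.key_index == 1 else 1
        self.keys[prior] = secrets.token_bytes(32)
        self.key_index = prior

@dataclass
class Profile:
    key_index: int  # slot this profile's encrypted properties were written under
    encrypted: dict = field(default_factory=dict)

def update_allowed(repo: KeyRepository, profile: Profile) -> bool:
    """Deny-updates rule: edits are allowed only while the profile is on the current key."""
    return profile.key_index == repo.key_index

def set_encrypted_property(repo, profile, name: str, plaintext: bytes) -> None:
    if not update_allowed(repo, profile):
        raise PermissionError(f"profile keyIndex {profile.key_index} != global {repo.key_index}")
    profile.encrypted[name] = _xor_stream(repo.keys[repo.key_index], plaintext)

def get_encrypted_property(repo, profile, name: str) -> bytes:
    """Decrypt with the slot the profile was encrypted under (current or prior key)."""
    return _xor_stream(repo.keys[profile.key_index], profile.encrypted[name])

def reencrypt_profile(repo, profile) -> None:
    """Update stored data: decrypt under the prior key, re-encrypt under the current one."""
    plain = {n: get_encrypted_property(repo, profile, n) for n in profile.encrypted}
    profile.key_index = repo.key_index
    for n, p in plain.items():
        set_encrypted_property(repo, profile, n, p)
```

Because a rotation overwrites the prior slot, a profile that is not re-encrypted before the second rotation can no longer be decrypted, which is why the deny-updates check and the re-encryption step belong together.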
Security
The publicKey/privateKey values should not be accessible from the Web server. Only the back-end application server that processes encrypted information, such as credit card numbers, should be able to read them.
See Also
Other Resources
How to Add Encrypted Properties for Profiles
Generating a New Encryption Key