Scenario:
A company is integrating Oracle Integration Cloud (OIC) with an external financial system to exchange sensitive payroll data securely. The external system encrypts and signs the data before sending it to OIC. OIC must decrypt and verify the data, process it, then encrypt and sign the response before sending it back.
Solution Approach
1. Incoming Data: Decrypt & Verify in OIC
- The source system encrypts the data using AES-256 (symmetric encryption) and signs it using an RSA private key.
- OIC receives the encrypted and signed payload.
- OIC retrieves the AES decryption key and RSA public key from OCI Vault.
- OIC decrypts the data using AES and verifies the signature using RSA.
2. Outgoing Data: Encrypt & Sign in OIC
- After processing the data, OIC encrypts the response using AES-256.
- OIC signs the encrypted data using an RSA private key.
- The response is sent back to the source system.
- The source system retrieves the AES key to decrypt the data and verifies the RSA signature using OIC’s public key.
Implementation in OIC with OCI Vault
1. Key Management in OCI Vault
- Store the AES encryption/decryption key for data security.
- Store RSA key pairs (private for signing, public for verification).
- Use OCI Vault’s Key Management APIs to securely fetch keys.
2. OIC Integration Implementation
- Configure REST connection to OCI Vault for key retrieval.
- Use AES encryption/decryption logic in OIC.
- Implement RSA signing and verification in OIC using the retrieved keys.
Detailed steps with screenshots:
Here we will create two common services which perform the following:
- Encryption service: performs encryption and then signing.
- Decryption service: performs signature verification and then decryption.
REST Connection:
Encrypt and sign:
Integration flow: