Security configurationBatch class encryption

Batch class encryption

Transact enables you to encrypt or decrypt the data persisted in XML files and index files during batch processing.

Users can use existing encryption keys to save time, without having to generate new keys/keystores that require relearning. This feature works only with the application-level key. The application's identity of the batch class being imported is the same as the application to which the batch class is being imported. This validation is done so that no unauthorized application can import a batch class that does not belong to the same organization.

Follow these steps to configure the batch class:

  1. The system administrator sets up the encryption keys for your application and batch class. Use the System Config tab.
  2. The super admin for the application generates the Batch Class Key at the Batch Class Management screen.
  3. Use Batch Class Import to enable or disable encryption.

    An imported batch class can also use an existing key that exists in the exported batch class.

  4. To enable encryption during batch class import or to change the key of the existing encrypted batch class while importing re-learning for all the files, key/key-store generation takes place. This process may take some time.

Use case for batch class encryption

A batch class BCx belongs to organization A and organization B is trying to import the batch class BCx using existing keys into its application. Since organization A is different from organization B, organization B must not be able to use the batch class already encrypted by another organization. This is validated using Applications identity (application key) since each application key used by an organization/application is unique.

To import/export an encrypted batch class between different environments like Production or Development for the same organization, then application identity on both Production and Development environments must be the same. This will validate that the batch class belongs to the same organization.

The same Application key must be used on all the environments in the organization, as this key is an identity key that verifies whether the application belongs to the same organization.