CA Payment Security PGP key expiring on March 6, 2019
Article ID: 126977
CA Payment SecurityARCOT ECOMMERCE
The current CA Payment Security PGP Public key in your system will expire on March 6, 2019. Customers may not be able to use this key for encrypting data upload files after this date, thus impacting the ability to upload cardholder data.
A CA Payment Security PGP keys are used by CA Payment Security customers to encrypt cardholder data files prior to being consumed by CA Payment Security (Transaction Manager) solution. These cryptographic keys used in a PCI environment and are required to be changed every few years to limit the risk that the keys can be compromised or stolen. This article details the need for customers to update CA Payment Security PGP Public key that will expire on March 6, 2019.
CA Payment Security PGP key expiration on March 6, 2019.
Answer: The public key is used for encrypting data to be shared with CA Payment Security Operations team, most commonly cardholder data to upload in CA Transaction Manager.
3. Why do we need to update PGP key?
Answer: All cryptographic keys used in a PCI environment must be changed every few years, because if the key is compromised or stolen the damage will be limited.
4. Do I need to do anything after import?
Answer: You must verify trust on the updated public key for more information about trusting a pgp key refer https://www.gnupg.org/gph/en/manual/x334.html If the key is not trusted, the software will prompt you for confirmation when using it, this may break your automated process.
5. Where can I find the new PGP Public Key?
Answer: You can find it embedded in this document.
6. For more questions on this topic, who could we reach out to?
Answer: For any questions or concerns related to this schedule, please contact the Payment Security Support team at [email protected] or by opening a support request at support.arcot.com.