An Oracle blog about Web Services and Security in the Fusion Cloud

  • March 1, 2017

How to generate PGP keys using the Fusion Security Console

Terence Munday
Application Architect


Encrypting and importing data to the HCM Cloud has become much simpler as of Fusion Release 10.  The Security Console now provides functionality to generate and manage certificates and public/private key pairs.  This article describes how to use the Security Console to create a PGP key that can be used to encrypt HCM Data Loader files prior to importing them.

System Requirements

Fusion release 10+

Fusion user with IT_SECURITY_MANAGER access to the Security Console

Step 1 - Generate the key pair

1) Log into Fusion.

2) From the Navigator, launch the Security Console.

3) Select the "Certificates" tab to view the keys installed on your pod.

4) Press the "Generate" button to display the generate certificate form.

5) Select "PGP" as the certificate type

6) Enter the key details

Enter "fusion-key" for the alias.  This is very important.  If the alias is something other than "fusion-key", the encryption APIs will not be able to locate the key and will fail.

Enter a passphrase.  You will need this passphrase if you ever want to delete this key.  For example, your company may have a policy to regenerate keys at pre-defined intervals for security purposes.  You need to delete the existing key before generating a new one with the same alias.

Select RSA as the key algorithm.

Select 2048 for the key length.

Press the "Save and Close" button to generate the key pair.

7) Close the confirmation dialog.  The key with the alias "fusion-key" will be displayed in the list of certificates.

Step 2 - Export the public key

1) Click the "fusion-key" alias link.  The public key will be displayed.

2) Choose "Export -> Public Key" from the "Actions" menu and save the "fusion-key_pub.asc" to your local machine.

Step 3 - Import the public key to your local machine

The steps to accomplish this will vary depending on the operating system and application you are using for encryption/decryption and key management. 

Gpg4win, the official GnuPG distribution
for Microsoft Windows and
GnuPG for Linux are some common tools used for encryption and key management.

You will use this key to encrypt your data files before importing them using the HCM Data Loader.

That's it!

You are now ready to encrypt and import your HDL data files.

For additional information, please refer to the official Oracle documentation.  A link is provided in the References section below.


Oracle Human Capital Management Cloud Integrating with Oracle HCM Cloud - Chapter 24: Transferring Encrypted Data


Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.