Private Keys
Private Keys are cryptographic credentials used to establish secure, authenticated SFTP connections in UDMG. They are used in one context:
- When UDMG acts as an SFTP server, it uses a Private Key to identify itself to incoming clients. This key serves as the server's Host Key, enabling encrypted communication and client trust establishment (Use Case 1).
UDMG supports several key types and verifies that each key is in the correct format when saved. Private Keys are stored securely; their values are masked in the UDMG Admin UI and can only be retrieved via the API.
Use Case
| # | Use Case | Referenced By | Purpose |
|---|---|---|---|
| 1 | Local SFTP Server Identity Verification | Local SFTP Server Endpoint | Establishes the Local SFTP Server's identity. |
Local SFTP Server Identity Verification
Each Local SFTP Server Endpoint requires a Private Key (also known as the server's Host Key), which is used for encrypting, signing, and identifying UDMG to incoming clients.
Implementation
- An SSH key pair is generated outside of UDMG (e.g., by your organization).
- A new Credential (Credential Type: Private Key) is created on the Credentials page with the private key from Step 1.
- A new or existing Local SFTP Server Endpoint can now reference this Credential from the Credentials Name (Host Key) field.
- UDMG references and uses this key when a partner attempts to authenticate over SFTP and transfer files.
Adding a Private Key
To add a Private Key, follow these steps:
- From the Sidebar, click Configuration > Credentials.
- Click Add Credential.
- Select Private Key as the Credential Type.
- Enter an identifying Name and Description, and optionally Valid From and Valid To dates.
- Enter or paste in the Private Key from your organization.
- Click Add.
Each key must be properly created to be referenced by other Configuration Items. UDMG validates keys for format, but not for usage.
Field Descriptions
The following table lists all fields that can be completed when adding (or editing) a Private Key:
| Name | Description | Specifications | Required |
|---|---|---|---|
| Type | Type of Credential. Select: Private Key. | Cannot be modified after creation. | Yes |
| Name | The name of the Private Key. | | Yes |
| Description | The description of the Private Key. | | No |
| Valid From | Date when the Credential becomes valid. | Cannot be later than Valid To date. | No |
| Valid To | Date when the Credential becomes invalid. Info: UDMG does not use or check the dates provided. The dates entered are only meant to help Users keep track of expiration dates. | Cannot be earlier than Valid From date. | No |
| Key | Raw cryptographic data of the private key. Key metadata is parsed automatically. | | Yes |
Editing a Private Key
To edit a Credential, follow these steps:
- From the Sidebar, select Configuration > Credentials.
- Click the Credential Name you want to edit.
- Click the Edit button above the Credentials details to edit the specific fields.
- Edit details for the Credentials using the Field Descriptions table as a guide.
- Click Update.
Managing a Private Key
Viewing Private Key Details
To view the details of a Private Key, follow these steps:
- From the Sidebar, click Configuration > Credentials.
- Click the Name of the Key Credential you want to view.
- To see the key value, which is not visible after Credential creation, System and Domain Administrators can use the authenticated Reveal API.
Credential Metadata
Credential details include all parameters given in the Field Descriptions table, plus the following read-only metadata:
| Name | Description |
|---|---|
| UUID | Universally Unique Identifier of this Private Key. |
| Enabled | Credentials Enabled status. If enabled, field is set to True. |
| Version | Version number of the latest configuration of the Credential, including changes to the Enabled status. |
| Created | Date and time this Private Key was created. |
| Updated | Date and time this Private Key was last updated. |
| Algorithm | The cryptographic method used to generate the key (RSA, DSA, or ECC). |
| Bits | The key length that determines its strength against brute force attacks. |
| Comments | Optional administrative notes for identification or documentation purposes. |
| Fingerprint (MD5) | A legacy hash checksum that provides a unique identifier for the key. |
| Fingerprint (SHA256) | A modern, more secure hash that uniquely identifies the key. |
| Authorized Keys | A formatted text string that is ready to be copied into SSH server configuration files. |
| Key Type | Specifies the format or cryptographic algorithm of the key. |
| Revoke | Credentials revoke status (currently always No). |
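The fingerprint fields above can be checked independently against the public half of the key pair generated outside UDMG, so that the Host Key stored in the Credential is confirmed to be the one clients will be asked to trust. The following is an added example, not UDMG code: it assumes the displayed fingerprints follow the OpenSSH conventions (MD5 as colon-separated hex, SHA256 as unpadded base64, both over the public key blob). The function names are hypothetical and the sample key is constructed.

```python
import base64
import hashlib
import struct


def read_string(buf, offset):
    """Read one RFC 4251 length-prefixed string; return (value, next offset)."""
    (length,) = struct.unpack_from(">I", buf, offset)
    start = offset + 4
    if start + length > len(buf):
        raise ValueError("truncated key blob")
    return buf[start:start + length], start + length


def describe_public_key(line):
    """Parse an OpenSSH public key line; return type, bits and fingerprints."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, blob = fields[0], base64.b64decode(fields[1], validate=True)
    embedded, offset = read_string(blob, 0)
    if embedded.decode("ascii", "replace") != declared:
        raise ValueError("declared key type does not match the key blob")
    bits = None  # only derived for RSA here; other types carry it differently
    if declared == "ssh-rsa":
        _exponent, offset = read_string(blob, offset)
        modulus, _ = read_string(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
    md5_hex = hashlib.md5(blob).hexdigest()
    sha256_b64 = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return {
        "type": declared,
        "bits": bits,
        "md5": "MD5:" + ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha256_b64.rstrip("="),
    }


def ssh_string(data):
    """Encode bytes as an RFC 4251 string (4-byte length prefix + data)."""
    return struct.pack(">I", len(data)) + data


# Constructed sample only: the "modulus" is a placeholder integer, not a real key.
_n = (1 << 2047) | 1
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + _n.to_bytes(256, "big")))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed-host-key"

if __name__ == "__main__":
    for name, value in describe_public_key(SAMPLE_LINE).items():
        print(f"{name}: {value}")
```

Run it against the `.pub` file of the key pair you generated and compare the output with the Fingerprint (MD5) and Fingerprint (SHA256) values shown for the Credential.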
Enabling and Disabling Private Keys
Private Keys can be Enabled or Disabled to control their active status and ability to participate in file transfers. The status defaults to Enabled and can be changed after creation.
- Enabled (default): The Private Key is active and available for use.
- Disabled: The Private Key is not active and unavailable for use.
To enable or disable a Private Key, follow these steps:
- From the Sidebar, click Configuration > Credentials.
- Click the Name of the Private Key you want to enable/disable.
- Click the Enable or Disable button above the Private Key details, depending on the current status.
Deleting a Private Key
To delete a Private Key, follow these steps:
- From the Sidebar, click Configuration > Credentials.
- Click the Name of the Private Key you want to delete.
- Click the Delete button above the Private Key details.
- You will be asked to confirm the deletion. Click Delete.
If a Credential is currently assigned to a Configuration Item (Endpoint, Pipeline, Account, or LDAP), then it cannot be deleted. You must first remove the Credential from the specific Configuration Item(s) it is assigned to, then go back to the Credentials page to delete the Credential.