PGP Encryption:

Oracle ERP Cloud supports Pretty Good Privacy (PGP) unsigned encryption with 1024
key size. There are two types of encryption keys:

1. Oracle ERP Cloud Key generated from Oracle ERP Cloud certificate UI
2. Customer provided Key

Oracle ERP Cloud PGP Key

The public key is used by the customer to encrypt the data file and respective
private key is used by import bulk data process to decrypt the data file before
starting load and import process.This is for inbound process to Oracle ERP Cloud.

Customer PGP Key

ERP Cloud uses customer's public key to encrypt the extracted file and uploads to
UCM. Customer uses their private key to decrypt the file in on-premise or PaaS
systems.

Ex: GL Outbound to Silverlake will use the Customer PGP keys.

From the certificate page uder tools--> security we can generate the Cloud public
keys.And then export the public and private keys.

The customer PGP public keys can be imported usig certificate UI.

The customer public key will be used by ERP Cloud to encrypt outbound file.
Customer will decrypt this file using their private key.

To generate the PGP Encryption Key Pair, use the following steps.

Sign in to the Oracle HCM Cloud with the IT Security Manager job role or
privileges.
Select Navigator > Tools > Security Console to open the Security Console.
Click the Certificates tab to open the Certificates page.
Click Generate to open the Generate dialog box.
In the Generate dialog box, set Certificate Type to PGP.
In the Alias field, enter fusion-key.
Note: You must enter fusion-key in this field. Otherwise, the encryption APIs can't
use this key to decrypt all of your encrypted inbound files.
In the Passphrase field, enter a passphrase for the private key. This passphrase is
needed when you edit, delete, or download the private key.
Note: If you forget the passphrase, then you may have to raise a service request to
receive help deleting the private key. Once the old key is deleted, you can
generate a new key using this PGP Encryption Key Pair generation process.
In the Key Algorithm field, select RSA.
In the Key Length field, select either 1024 or 2048.
Click Save and then Close.
The fusion key pair has now been generated and is ready for download. You can see
the new fusion key pair on the Certificates page of the Security Console.
In the Status actions for the fusion key pair on the Certificates page, select
Export > Public key.
This key will be downloaded as fusion-key_pub.asc and will be shared with third
party to use for encryption. Same way when we receive the thrird party public keys
we can upload and use for decryption.

Save the HCM Cloud public key (fusion-key_pub.asc) to your desktop.

Use the downloaded key to encrypt files that are inbound to the Oracle HCM Cloud.