Skip to main content

Digital message signing in Pega Predictive Diagnostic Cloud

 Suggest edit Updated on January 19, 2022

Digital message signing is an optional security feature that adds an encrypted signature to every message that your system sends to Pega Predictive Diagnostic Cloud™ (PDC). Digital message signing ensures that PDC processes only messages sent by your system and the integrity of the data that PDC receives.

To enable or disable digital message signing in PDC, follow the instructions in Enabling or disabling digital message signing in PDC.

If you experience issues with digital message signing in PDC, follow the instructions in Diagnosing issues in the digital message signing feature in Pega Predictive Diagnostic Cloud.

Digital message signing in PDC is based on asymmetric encryption in the Digital Signature Algorithm (DSA) standard. The DSA uses a cryptographic key pair with a length of 512 bits. Your system generates the DSA key pair together, sends the public key to PDC, and stores the private key in a protected keystore format. Your private key is unique to your system.

Digital message signing is supported on Pega Platform 8.6 with Java 8, and on Pega Platform 8.6.2 with all Java versions.

The following figure shows the generation and distribution of the DSA key pair:

DSA key pair generation
Your system generates the DSA key pair and sends the public key to PDC

When you enable digital message signing, your system uses the private key to generate encrypted digital signatures for messages that it sends to PDC. The system generates a different signature for each message and adds the signature to the message header. PDC then uses the corresponding public key to decrypt the signature. If the signature is missing or PDC is unable to decrypt it, PDC rejects the message.

PDC stores messages that have incorrect or missing signature up to seven days for diagnostic purposes. After seven days, PDC deletes the incorrect messages.

You can view the status of digital message signing and how many messages PDC rejected under the Gears icon in the PDC header.

Procedure in case of private key exposure

To ensure security in case your private key was exposed, you need to replace the key pair. If you suspect that your private key was exposed, contact Pega Support.

  • Previous topic Encrypting operator IDs in Pega Predictive Diagnostic Cloud
  • Next topic Enabling or disabling digital message signing in Pega Predictive Diagnostic Cloud

Tags

Pega Predictive Diagnostic Cloud System Administration
Did you find this content helpful? YesNo

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Support Center

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us