|
Last modified: 24 Dec 2007
WARNING: This documentation covers Parallels H-Sphere versions up to 3.1. For the latest up-to-date Parallels H-Sphere documentation, please proceed to the
official Parallels site.
Normally, credit card numbers are stored in clear text in the
H-Sphere database.
The credit card encryption feature will allow
you to add security by encrypting all the credit card numbers and
to control when the credit card numbers are accessible by the Control
Panel. This feature uses Public/Private key encryption technology
(RSA Block Asymmetric Algorithm with a 1024bit key). All
credit cards will be encrypted with a public key. The public key is always
stored in a file on the Control Panel Server. The private key, which will
be used to decrypt credit card numbers, will be downloaded by the administrator
as a part of the encryption wizard.
WARNING:
1. The private key; is stored in RAM (NOT ON THE DISK!)
and must be uploaded every time the control panel is resarted!
2. The permanent copy of the private key should be stored
on a secure and safe medium by the administrator. It should not be on
any of the H-Sphere servers!
3. If the private key is lost, there is no way for anyone (even for
the support staff or programmers) to recover credit card numbers that have been
encrypted!
Turning On
To turn on credit card encryption:
Log into your admin control panel.
Select CC encryption in the Settings -> Payment Settings menu:
Click the OFF button to start encryption wizard.
Proceed to Step 2 of the wizard to get the form with your private key:
Copy the private key to your clipboard and also
to a file stored in a safe location.
On the wizard's Step 3, enter the private key from the clipboard to the form, and proceed
to get your credit cards encrypted:
Note: The encryption procedure may take a long time, up to an hour or even more,
depending on the number of credit cards processed and the server physical configuration.
Now, CC encryption is complete:
Once the credit cards are encrypted, the private key will be stored in
RAM until the Control Panel is restarted or until the key is manually
unloaded.
Note: If you restart H-Sphere during the encryption procedure, it would automatically
continue after the restart.
Loading Private Key
If you have restarted H-Sphere, you need to load your private key, in order to be able to access encrypted data,
or in case you need to complete CC decryption.
You would see the following form in the Settings -> Payment Settings -> CC Encryption menu:
To load your private key, insert to the form and enter Submit.
Turning Off
To turn off credit card encryption:
Log into your admin control panel. Choose the Settings -> Payment Settings -> CC Encryption menu and
click the ON button to start decryption wizard. After you choose to decrypt, you would get:
After the decryption process is finished, the CC Encryption menu would look like:
Click the Unload button to complete disabling CC Encryption.
Important: If you restart H-Sphere during decryption, you would not be able to proceed until you
load your private key!
If You Lose Your Private Key
If the Private key fails to load, the following issues will arise with
users who pay with credit cards:
- Accounts under plans without credit limit will not be able to add
paid resources.
- If the accounting cron runs when the Private Key is not loaded,
accounts whose billing period has ended will be debited regardless of
their credit limit. This may put some users over their credit limit.
- Users who are over their credit limit will not be able to add any
resources (including free resources) until the encryption key is loaded.
|
