Implementing Receivables Credit to Cash (2025)

You can secure both outbound and inbound messages using payload security. Payload security is the securing of payment files and other files using payment file encryption and digital signature based on the open PGP standard.

You can update existing transmission configurations to use encryption and digital signature for your existing connectivity with banks.

For outbound messages, Oracle Payments Cloud supportsencryption and digital signature for:

  • Payment files and positive payfiles for disbursements

  • Settlement batch files for fundscapture

For inbound messages, the application supports decryptionand verification of digitally signed encrypted files for:

  • Funds capture acknowledgment files

  • Bank statements

You can also secure payment data using secured transmissionprotocols, such as SFTP or HTTPS.

Note:

Oracle Applications Cloud supports decryption ofpayment files that are encrypted using version BCPG 1.45 or lowerof the OpenPGP standard.

Configuring encryption and digital signature foroutbound and inbound messages includes the following actions:

  • Generating keys

  • Setting up outbound transmissionconfiguration

  • Setting up inbound transmissionconfiguration

  • Uploading the bank-provided publickey file

  • Downloading the system-generatedpublic key file

Generating Keys

Encryption and digital signature verification requiresa public key. Conversely, decryption and signing a digital signaturerequires a private key. A private key and public key pair is knownas the key pair. The party who generates the key pair retains theprivate key and shares the public key with the other party. You cangenerate or receive a public key subject to the agreement with yourbank.

The following table provides typical generation detailsof the public and private key pair:

Key Pair Generated

Generates Outbound Messages from Payments

Generates Inbound Messages to Payments

PGP Public Encryption Key and PGP Private SigningKey

Bank

Deploying company

PGP Public Signature Verification Key and PGP PrivateDecryption Key

Deploying company

Bank

If you're generating the key pair, you can automaticallygenerate them within Oracle Applications Cloud.

You must import the public encryption key or thepublic signature verification key that you receive into the OracleApplication Cloud using UCM.

Setting Up Outbound Transmission Configuration

For outbound messages, such as payment files, positivepay files, and settlement batch files, you must:

  • Encrypt your payment file usingthe bank-provided public encryption key.

  • Optionally, sign the payment filedigitally using the private signing key that you generate.

On the Create Transmission Configuration page, youcan see the outbound parameters as described in the following table.

Outbound Parameters

Description

PGP Public Encryption Key

A key given to you by your bank that you use to encryptyour outbound payment file.

To upload the bank-provided public encryption key,use UCM by navigating to Tools > File Import and Export.

Lastly, on the Create Transmission Configurationpage for the PGP Public Encryption Key parameter, select the publicencryption key file from the Value choice list.

PGP Private Signing Key

A key generated by you to digitally sign the outboundpayment file.

To generate the private signing key, select Quick Create from the Value choice listfor the PGP Private Signing Key parameter. The application:

  • Automatically generates the privatesigning key and links it to your transmission configuration.

  • Generates a public encryption keyfile that you can download from UCM and share with your bank. Thebank uses your public encryption key file to verify the digital signatureof the payment files that you transmit to the bank.

Note:

You must provide a key password to generate a privatesigning key using the Quick Create feature. This password is alsoused for exporting and deleting this key.

Setting Up Inbound Transmission Configuration

For inbound payment messages, such as acknowledgmentsand bank statements, you must:

  • Verify the digital signature usingthe bank-provided public signature verification key.

  • Decrypt the file using the privatedecryption key that you generate.

On the Create Transmission Configuration page, youcan see the inbound parameters as described in the following table.

Inbound Parameters

Description

PGP Public Signature Verification Key

A key given to you by your bank that you use to validatethe digital signature of inbound acknowledgment files or bank statements.

To upload the bank-provided public signature verificationkey, use UCM by navigating to Tools > File Import and Export.

After uploading the bank-provided public signatureverification key using UCM, you can select the key file on the CreateTransmission Configuration page. Select it in the Value choice listfor the PGP Public Signature Verification Key parameter. After youselect the public signature verification key file, it's automaticallyimported.

PGP Private Decryption Key

A key generated by you to decrypt the inbound encryptedfile. To generate the private decryption key, select Quick Create from the Value choice listfor the PGP Private Decryption Key parameter. The application:

  • Generates the private decryptionkey and links it to your transmission configuration.

  • Generates a public signature verificationkey file that you can download from UCM and share with your bank.The bank uses your public signature verification key file to encryptacknowledgments and bank statements.

Note:

You must provide a key password to generate a privatesigning key using the Quick Create feature. This password is alsoused for exporting and deleting this key.

Creating Private Keys Using the Advanced CreateFeature

You can also generate private keys by selecting Advanced Create from the Value choice list.Advanced Create feature lets you configure certain properties to generatestronger keys. This enhances the security of payment files transmittedto your bank. Here are the properties you can configure for PGP privatesigning keys:

Option

Description

Key Type

The type of private signing key generated.

  • RSA: Key is generated using theRSA algorithm.

Length

The number of bits in the private signing key (orkey size).

  • 2048: 2048-bit key

  • 3072: 3072-bit key

  • 4096: 4096-bit key

Expiration Date

The date when this private signing key expires.

Encryption Algorithm

The encryption algorithm of the private signing key.

  • AES128: 128-bit cryptographic keygenerated using Advanced Encryption Standard.

  • AES192: 192-bit cryptographic keygenerated using Advanced Encryption Standard.

  • AES256: 256-bit cryptographic keygenerated using Advanced Encryption Standard.

  • 3DES: Cryptographic key generatedusing Triple Data Encryption Standard.

Hashing Algorithm

The hashing algorithm of the private signing key.

  • SHA256: 256-bit hash computed usingSecure Hash Algorithm.

  • SHA384: 384-bit hash computed usingSecure Hash Algorithm.

Compression Algorithm

The compression algorithm of the private signingkey.

  • ZIP: Cryptographic key compressionusing ZIP algorithm.

  • ZLIB: Cryptographic key compressionusing ZLIB algorithm.

  • BZIP2: Cryptographic key compressionusing BZIP2 algorithm.

Configuring these properties lets you meet bank-specificpayment file security requirements. When you generate a private keyusing the Advanced Create option, a corresponding public key is exportedto UCM from where you can download it. Similar to Quick Create, youmust provide a key password when you use Advanced Create to generatea private key.

Uploading the Bank-Provided Public Key File

To upload or import the bank-provided PGP PublicEncryption Key or the PGP Public Signature Verification Key into OracleApplications Cloud, perform these steps:

  1. Rename the bank-provided key fileby including _public.key as thesuffix. Ensure that the key file name doesn't have any special charactersother than the underscore.

  2. Navigate to: Navigator > Tools > File Import and Export.

  3. Import the bank-provided key fileinto account fin/payments/import.

  4. Navigate to the Create TransmissionConfiguration page.

  5. From the Value choice list forthe applicable parameter, select the uploaded key file.

    Tip:

    The key name in the choice list is the same as theone you uploaded using UCM.

  6. After you select the key and savethe transmission configuration, the key is automatically importedinto the Payments.

Downloading the System-Generated Public Key File

To download the system-generated public key filefrom Payments to share with your bank, perform the follow steps:

  1. On the Create Transmission Configurationpage, select Quick Create forthe applicable parameter.

  2. Click the Save and Close button.

  3. Navigate to: Navigator > Tools > File Import and Export.

  4. From the Account choice list, select fin/payments/import and search for the system-generatedpublic key file.

  5. Download the system-generated publickey file.

    Tip:

    The file name is similar to the private key filethat was generated and attached to the transmission configuration.

Note:

SSH (Secure Socket Shell) key-generation for SFTPtwo-factor authentication is generated by Oracle Support based ona service request.

Exporting and Deleting Keys

The Export and Delete option lets you securely exporta selected private or public key. This lets you use the same key fordifferent environments. When you export a key using this feature,the key is exported to UCM from where you download it. If the selectedkey is a private key, you must provide the key password that was usedwhile generating the key. No key password is required for exportingpublic keys.

You can also use this feature to delete PGP. However,you can't delete a key that's currently attached to a transmissionconfiguration. When you delete a system-generated private key, thecorresponding public key is also deleted. Just like how exportingworks, deleting a key also requires the key password, if the selectedkey is a private one. No password is required for deleting a publickey.

The Export and Delete feature works not only forthe application-generated keys but also for imported keys.

Implementing Receivables Credit to Cash (2025)
Top Articles
Latest Posts
Recommended Articles
Article information

Author: Aron Pacocha

Last Updated:

Views: 5906

Rating: 4.8 / 5 (68 voted)

Reviews: 91% of readers found this page helpful

Author information

Name: Aron Pacocha

Birthday: 1999-08-12

Address: 3808 Moen Corner, Gorczanyport, FL 67364-2074

Phone: +393457723392

Job: Retail Consultant

Hobby: Jewelry making, Cooking, Gaming, Reading, Juggling, Cabaret, Origami

Introduction: My name is Aron Pacocha, I am a happy, tasty, innocent, proud, talented, courageous, magnificent person who loves writing and wants to share my knowledge and understanding with you.