Message Encryption

The ServisBOT platform provides customers with the ability to encrypt customer messages as they enter the ServisBOT system. This guide assumes that you are familiar with basic encryption techniques, and you have the ability to generate your own encryption keys.

Step 1 - ServisBOT Tooling

Message encryption is a feature that requires some initial configuration by ServisBOT. If you would like access to this feature, please contact ServisBOT first.

ServisBOT will provide you with the following:

  • A ServisBOT public key file
  • A tool that encrypts (envelopes) your private key with the ServisBOT public key and then uploads the encrypted key to the ServisBOT platform
  • AWS credentials which will provide the aforementioned tool access to the ServisBOT platform

SBPublicKey.pem example:

-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAvWZZSSrDKJ2wqT4kt/jhqwjAvMaMMQAAfnzEKDIVOc6gEWQPVnjE
4CXBEuzunz+vJ/hXjutdkO34ZyI0In5mp6SNdZRefNcE0N8r8h+7HuLWuX3SA7Qo
kH+GmnoDpWYgM5fDohalc3lHtWkWDxYJEFXmVFp5snX5fJY6vGQchBeScTM625js
...
-----END RSA PUBLIC KEY-----

Once you have received the ServisBOT public key, the encryption and upload tool, and the AWS credentials, you can securely upload your private key to the ServisBOT platform.

Step 2 - Key Generation

Generate your own public/private key pair. The keys must be a 4096-bit asymmetric key pair that uses pkcs1_oaep for its encryption scheme.

Generating a public/private key pair using Unix

openssl genrsa -out CMKPrivateKey.pem 4096
openssl rsa -in CMKPrivateKey.pem -outform PEM -pubout -out CMKPublicKey.pem

Generating a public/private key pair using Windows

* Download PuTTY from https://www.putty.org/
* Open PuTTYgen
* Type of Key to Generate: RSA
* Number of bits in a generated key: 4096
* Click Generate
* Save Public Key as CMKPublicKey
* Save Private Key
    * Conversions > Export OpenSSH Key
    * This is required to export the key in PEM format
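
A pre-flight check to run on the key pair before the private key is encrypted and uploaded, added here as an example (it is not part of the ServisBOT tooling): it confirms that the private key is a PEM-encoded 4096-bit RSA key and that the public key you will send belongs to it. The function and script names are hypothetical, and the script assumes the openssl command-line tool is installed.

```sh
#!/bin/sh
# Added example, not part of the ServisBOT tooling. Assumes the openssl CLI.
# Usage (script name is hypothetical):
#   sh check_cmk.sh ./data/CMKPrivateKey.pem CMKPublicKey.pem

REQUIRED_BITS=4096

# Print the modulus size of an RSA private key. The text dump starts with
# "Private-Key: (4096 bit, 2 primes)", prefixed by "RSA " on OpenSSL 1.1.1.
rsa_private_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Return 0 if the pair is usable, otherwise print the reason and return 1.
check_cmk_keypair() {
    priv=$1
    pub=$2
    # A key saved in PuTTYgen's native .ppk format is not PEM.
    if ! head -n 1 "$priv" | grep -q '^-----BEGIN .*PRIVATE KEY-----'; then
        echo "FAIL: $priv is not a PEM private key" >&2
        return 1
    fi
    # -check verifies that the RSA components are consistent with each other.
    if ! openssl rsa -in "$priv" -noout -check 2>/dev/null |
            grep -q 'RSA key ok'; then
        echo "FAIL: $priv is not a valid RSA private key" >&2
        return 1
    fi
    bits=$(rsa_private_bits "$priv")
    if [ "$bits" != "$REQUIRED_BITS" ]; then
        echo "FAIL: key is ${bits:-unknown} bits, need $REQUIRED_BITS" >&2
        return 1
    fi
    # The public key you hand over must share the private key's modulus.
    priv_mod=$(openssl rsa -in "$priv" -noout -modulus 2>/dev/null) || priv_mod=
    pub_mod=$(openssl rsa -pubin -in "$pub" -noout -modulus 2>/dev/null) || pub_mod=
    if [ -z "$pub_mod" ] || [ "$priv_mod" != "$pub_mod" ]; then
        echo "FAIL: $pub is not the public half of $priv" >&2
        return 1
    fi
    echo "OK: $REQUIRED_BITS-bit RSA pair, public key matches private key"
}

if [ "$#" -eq 2 ]; then
    check_cmk_keypair "$1" "$2"
fi
```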

Step 3 - Environment Variables

Configure the environment variables provided to you by ServisBOT:

export AWS_REGION=<provided-by-servisbot>
export AWS_ACCESS_KEY_ID=<provided-by-servisbot>
export AWS_SECRET_ACCESS_KEY=<provided-by-servisbot>
export AWS_SESSION_TOKEN=<provided-by-servisbot>

Step 4 - Private Key Encryption

Use the tooling provided by ServisBOT to encrypt your private key.

Store your keys in the data directory:

  • Inside the tooling's main directory, create a data folder
  • Store your private key in the ./data/ folder as CMKPrivateKey.pem (./data/CMKPrivateKey.pem)
  • Store the public ServisBOT key in the ./data/ folder as SBPublicKey.pem (./data/SBPublicKey.pem)

Run the encrypt command:

./bin/servisbotcmk --action encrypt

This creates a file named EncryptedCMK.b64 in the output directory. This file contains your encrypted and encoded private key.

Step 5 - Private Key Upload

Use the tooling provided by ServisBOT to upload your encrypted private key.

At this stage, ServisBOT will provide you with a job id to complete the upload.

./bin/servisbotcmk --action upload --jobid <job-id-provided-by-sb>

Step 6 - Sharing the Public Key

You will need to supply ServisBOT with your public key so that the platform can encrypt conversational messages. The public key (in PEM format) should be sent to key_management@servisbot.com