Digital message signing in Pega Predictive Diagnostic Cloud
Digital message signing is an optional security feature that adds an encrypted signature to every message that your system sends to Pega Predictive Diagnostic Cloud™ (PDC). Digital message signing ensures that PDC processes only messages that your system sent, and that the data PDC receives has not been altered in transit.
To enable or disable digital message signing in PDC, follow the instructions in Enabling or disabling digital message signing in PDC.
If you experience issues with digital message signing in PDC, follow the instructions in Diagnosing issues in the digital message signing feature in Pega Predictive Diagnostic Cloud.
Digital message signing in PDC is based on asymmetric cryptography as specified in the Digital Signature Algorithm (DSA) standard, which uses a cryptographic key pair. Your system generates the DSA key pair, sends the public key to PDC, and stores the private key in a protected keystore format. Your private key is unique to your system.
The following figure shows the generation and distribution of the DSA key pair:
When you enable digital message signing, your system uses the private key to generate an encrypted digital signature for each message that it sends to PDC. The system generates a different signature for each message and adds the signature to the message header. PDC then uses the corresponding public key to decrypt the signature. If the signature is missing or PDC cannot decrypt it, PDC rejects the message.
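The flow described above (key pair generation on your system, a distinct signature per message carried in a header, and rejection by PDC when the signature is missing or does not verify under the public key), as an added example using Go's standard-library crypto/dsa. This is illustration code, not Pega's implementation; the header name X-Signature and the fixed 20-byte r||s encoding are constructed for this example.

```go
package main

import (
	"crypto/dsa"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"math/big"
)

const SigHeader = "X-Signature" // constructed header name for this example, not Pega's

// GenerateKeyPair is the monitored system's step: the public key goes to PDC, the private key stays local.
func GenerateKeyPair() (*dsa.PrivateKey, error) {
	priv := new(dsa.PrivateKey)
	if err := dsa.GenerateParameters(&priv.Parameters, rand.Reader, dsa.L1024N160); err != nil {
		return nil, err
	}
	return priv, dsa.GenerateKey(priv, rand.Reader)
}

// Sign hashes the body and signs the digest; DSA draws a fresh random k per call, so each message gets a distinct signature.
func Sign(priv *dsa.PrivateKey, body []byte) (map[string]string, error) {
	digest := sha256.Sum256(body)
	r, s, err := dsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	raw := append(r.FillBytes(make([]byte, 20)), s.FillBytes(make([]byte, 20))...) // r||s, 20 bytes each (N=160)
	return map[string]string{SigHeader: base64.StdEncoding.EncodeToString(raw)}, nil
}

// Verify is PDC's step: reject when the header is missing, malformed, or does not verify under the public key.
func Verify(pub *dsa.PublicKey, body []byte, headers map[string]string) error {
	enc, ok := headers[SigHeader]
	if !ok {
		return errors.New("rejected: signature header missing")
	}
	raw, err := base64.StdEncoding.DecodeString(enc)
	if err != nil || len(raw) != 40 {
		return errors.New("rejected: signature malformed")
	}
	digest := sha256.Sum256(body)
	r, s := new(big.Int).SetBytes(raw[:20]), new(big.Int).SetBytes(raw[20:])
	if !dsa.Verify(pub, digest[:], r, s) {
		return errors.New("rejected: signature does not verify")
	}
	return nil
}
```

Go marks crypto/dsa as deprecated but keeps it for compatibility, which is sufficient to illustrate the protocol; the distinct rejection reasons are what a receiver would surface when diagnosing signing problems.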
PDC stores messages that have an incorrect or missing signature for up to seven days for diagnostic purposes. After seven days, PDC deletes those messages.
You can view the status of digital message signing and how many messages PDC rejected under the Gears icon in the PDC header.
Procedure in case of private key exposure
If your private key is exposed, you must replace the key pair to restore the security of message signing. If you suspect that your private key was exposed, contact Pega Support.