PSO*7.0*723 (13570)    BUILD (9.6)

Name Value
NAME PSO*7.0*723
DATE DISTRIBUTED 2023-10-03 00:00:00
PACKAGE FILE LINK OUTPATIENT PHARMACY
REQUIRED BUILD
  • PSO*7.0*625
    ACTION:   Don't install, leave global
TYPE SINGLE PACKAGE
ALPHA/BETA TESTING NO
DESCRIPTION OF ENHANCEMENTS
This patch addresses the following issue:
-----------------
SSH
        Key Pair you can skip this step. You can check whether you already
        have an existing SSH Key Pair through the 'V' (View Public SSH 
Key)
        Action.
 
        Encryption Type: DSA, RSA, ECDSA or EDDSA?
        -----------------------------------
        Digital Signature Algorithm (DSA) (No longer supported) and 
Rivest,
 
        Shamir & Adleman (RSA) have been two of the most common encryption
        algorithms used by the IT industry for securely sharing data. 
        Elliptic Curve Digital Signature Algorithm (ECDSA) and 
Edward-curve
        Digital Signature Algorithm (ed25519) are more complex public key
        cryptography encryption algorithms that are now supported by the 
VA.
        Many of SPMP servers can handle all types; however there are 
vendors
        that accept only one specific type. You will need to contact the 
Files & Fields Associated:
SPMP
        vendor support to determine which type to select.
 
Step 2: Share the Public SSH Key content with the state/vendor. In order 
to
        successfully establish SPMP transmissions the state/vendor will 
have
        to install/configure the new SSH Key created in step 1 for the
        user id they assigned to your site. Use the 'V' (View Public SSH 
Key)
 
        Action to retrieve the content of the Public SSH key. The Public 
SSH
        Key should not contain line-feed characters, therefore after you 
copy
        & paste it from the terminal emulator into an email or text editor
        make sure it contains only one line of text (no wrapping).
File Name (Number)         Field Name (Number)        New/Modified/Deleted
------------------         -------------------        --------------------
SPMP STATE PARAMETERS      SFTP SSH KEY ENCRYPTION    Modified
(#58.41)                   (#19)                    
 
Problem:
 
--------
With the implementation of Red Hat Enterprise Linux (RHEL 8) stronger 
encryption keys ECDSA & EDDSA are now available and supported. SPMP 
application currently is using RSA type SSH key for connecting to the 
SPMP server to send data. 
 
New keys added:
Elliptic Curve Digital Signature Algorithm (ECDSA)
Edward-curve Digital Signature Algorithm (ed25519)
 
ECDSA Key creation
EDDSA is also known as ed25519 
 
Necessary changes are required to allow creation of ECDSA & EDDSA keys 
for the SPMP application. Support for RSA keys are anticipated to be 
deprecated in the future, so to maintain Vista's security posture and 
ensure continuous operation of required Vista processes, software 
utilizing SSH PKI user keys must be updated to support the stronger ECDSA 
& EDDSA encryption keys. 
 
The modification should allow the creation of any ECDSA & EDDSA keys to 
 
be 
forward compatible when Red Hat Enterprise Linux (RHEL 8) is implemented.
 
Resolution:
-----------
File SPMP STATE PARAMETERS (#58.41) field SFTP SSH KEY ENCRYPTION (#19) is
modified to add code ECDSA (Elliptic Curve Digital Signature Algorithm) & 
EDDSA (Edward-curve Digital Signature Algorithm).
 
Modify PSOSPMKY to allow ECDSA or EDDSA (ed25519) key to be created,
Defect Tracking System Ticket(s) & Overview:
viewed, deleted, and update the help text.
 
 
Technical Resolution:
---------------------
Add Code ECDSA (Elliptic Curve Digital Signature Algorithm) & EDDSA 
(Edward-curve Digital Signature Algorithm) to the set of codes for field 
#19 in file #58.41
 
Routine PSOSPMKY is modified as follows
 
 
ACTION+24 is changed from
  . S DIR(0)="S^DSA:Digital Signature Algorithm (DSA);RSA:Rivest, Shamir 
& Adleman (RSA)"
To
  . S DIR(0)="S^RSA:Rivest, Shamir & Adleman (RSA);DSA:Digital Signature 
Algorithm (DSA);ECDSA:Elliptic Curve Digital Signature Algorithm 
(ECDSA);EDDSA:Edward-curve Digital Signature Algorithm (ed25519)" ;p723
 
ACTION+26 changed from
1. INC26749697 - ECDSA KEY CREATION
  .S ENCRTYPE=Y
To
 .S ENCRTYPE=Y I Y="DSA" D  Q
 .. W !!,$G(IOBON),"WARNING:",$G(IOBOFF)," 'DSA' SSH keys are no longer 
supported.",$C(7)  
 
NEWKEY+9 is changed from
  I $G(ENCRTYPE)'="DSA",$G(ENCRTYPE)'="RSA" S ENCRTYPE="RSA"
To
   S 
 
ENCRTYPE=$S($G(ENCRTYPE)="ECDSA":"ECDSA",$G(ENCRTYPE)="EDDSA":"ed25519",1:
"RSA")
 
NEWKEY+63 is changed from
  S DR="18///"_$S(PSOOS["VMS":"SSH2",1:"OSSH")_";19///"_ENCRTYPE D ^DIE
To 
  S DR="18///"_$S(PSOOS["VMS":"SSH2",1:"OSSH")_";19////"_ENCRTYPE D ^DIE
 
The Help text is change to:
 
Patch Components:
Secure SHell (SSH) Encryption Keys are used to automate the data 
transmission
to the State Prescription Monitoring Programs (SPMPs). Follow the steps 
below
to successfully setup SPMP transmissions from VistA to the state/vendor 
server:
 
Step 1: Select the 'N' (Create New SSH Key Pair) Action and follow the 
prompts
        to create a new pair of SSH keys. If you already have an existing 
TRACK PACKAGE NATIONALLY YES
XPI1 NO
XPO1 NO
XPZ1 NO
FILE
  • UPDATE THE DATA DICTIONARY:   YES
    SEND SECURITY CODE:   YES
    SEND FULL OR PARTIAL DD:   PARTIAL
    DATA COMES WITH FILE:   NO
    MAY USER OVERRIDE DATA UPDATE:   NO
SEQ# 612
BUILD COMPONENTS
  • ENTRIES:
    • PSOSPMKY
      ACTION:   SEND TO SITE
      CHECKSUM:   B123640658