...
If enabled, the data of each new package is encrypted after the detection engine checks are completed, either with a common server key or with a unique package key derived from the package password (see the settings below).
(default: enabled)
Anonymous users can encrypt packages with a password
Allows anonymous (not logged in) users to encrypt sent packages with a password. The data of password-encrypted packages is not accessible to anyone who does not have the password, not even to the administrator. Encryption occurs after the detection engine checks have finished. Works only if new package encryption is enabled.
(default: NO)
Registered users can encrypt packages with a password
Allows registered (logged in) users to encrypt sent packages with a password. In the "only selected" mode, only users with the corresponding permission are allowed. The data of password-encrypted packages is not accessible to anyone who does not have the password, not even to the administrator. Encryption occurs after the detection engine checks have finished. Works only if new package encryption is enabled.
(default: YES)
Key encryption keys (KEK)
...
Title - name of the key, with no functional effect, just for clarity.
Type - only the “local key” type is supported for now; it is stored in the application database. More key types, which will be stored elsewhere (e.g. an external KMS or HSM), are planned for the future.
Since version 2.3 there are two types of local keys: ECIES (old and deprecated) and HPKE (new and recommended). New installations automatically use the new recommended key type. Old installations continue to use the original ECIES until the administrator makes the change. For older installations, we recommend considering a switch to the new key type (by adding a new key and then removing the old one).
Key usage - how many packages are currently encrypted with this key / total number of encrypted packages.
Status:
ready: a key with no active running operation.
adding to packages in progress: a key with an active operation of being added to encrypted packages.
removing from packages in progress: a key with an active operation of being removed from encrypted packages.
Action:
+ icon: Adds this KEK to all encrypted packages. Available only if some encrypted packages exist without this key.
- icon: Removes this KEK from all encrypted packages. Available only if some encrypted packages exist with this key.
Trashcan icon: Removes this KEK from the application. Available only if this key is not currently used for encryption of any package. A key that is used cannot be deleted, because it would cause package data loss.
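The key-type switch recommended above (add a new key, then remove the old one) can be traced with a small model of the KEK table. This is an added example, not code from the SOFiE application; the class and function names, the per-KEK wrapped data key, and the check that refuses to strip a package's last KEK are assumptions.

```python
# Added illustration: a bookkeeping model of the KEK table, not SOFiE code.
# Assumption: each encrypted package holds one wrapped data key per KEK.
class KekStore:
    def __init__(self, keks, packages):
        self.keks = set(keks)  # KEK titles known to the application
        self.packages = {p: set(k) for p, k in packages.items()}

    def key_usage(self, kek):
        """'Key usage' column: (packages using this key, total encrypted)."""
        used = sum(1 for wraps in self.packages.values() if kek in wraps)
        return used, len(self.packages)

    def actions(self, kek):
        """Action icons available for this key, following the list above."""
        used, total = self.key_usage(kek)
        icons = set()
        if used < total:
            icons.add("+")         # some encrypted package lacks this key
        if used > 0:
            icons.add("-")         # some encrypted package has this key
        if used == 0:
            icons.add("trashcan")  # only an unused key may be deleted
        return icons

    def add_to_packages(self, kek):
        for wraps in self.packages.values():
            wraps.add(kek)

    def remove_from_packages(self, kek):
        # Assumed safety check: never strip the last KEK from a package.
        if any(wraps == {kek} for wraps in self.packages.values()):
            raise RuntimeError("a package has no other KEK; add one first")
        for wraps in self.packages.values():
            wraps.discard(kek)

    def delete(self, kek):
        if "trashcan" not in self.actions(kek):
            raise RuntimeError("key in use; deleting it would lose data")
        self.keks.discard(kek)

def migrate(store, old, new):
    """Switch key type in the recommended order: add new, then remove old."""
    store.keks.add(new)
    store.add_to_packages(new)
    used, total = store.key_usage(new)
    if used != total:
        raise RuntimeError("new key not on every package; keep the old key")
    store.remove_from_packages(old)
    store.delete(old)
```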
More about encryption
Additional information about the encryption can be found here: https://wikisonpo.atlassian.net/wiki/spaces/SPEN/pages/3192684545/Data+encryption+in+the+SOFiE+application .