Create and Manage Data Encryption Keys

Concepts

Encryption is a way to encode sensitive data so that only authorized users have access to that information. Encryption keys are used to protect and restrict designated data from unauthorized access. Using encryption keys, you can secure data, even from people who work directly with the data and have access to the database. Data that is encrypted can then only be retrieved using the appropriate decryption keys.

VSys One uses a special form of encryption called public key encryption. It allows data to be entered and secured without the user being able to read that data later. Only those with a “decryption key” can read the data, even though the “encryption key” is available to all users. The decryption key is then stored on a physical disk or a USB flash drive, not in the database itself.

Decryption keys, which decode the data, can be created and used by specific individuals, such as administrators, to read the secured data. These keys are protected by the use of a passphrase, and that passphrase can be revoked at any time, even if you cannot get the actual physical key back from the user. So, in the event the key is missing (lost or stolen), the data remains protected.

There are both master keys and user keys and there are some important differences between the two.

Master Keys

Do not have associated passphrases, like the user keys, and cannot be revoked.

At least one copy of the master key should be put in a safe or safe deposit box, off site. The data encrypted with the master key cannot be retrieved without at least one copy of this key or a user key derived from it.

User Keys

Unlike the master keys, these keys are protected by passphrases.

User keys can also be revoked, even if you do not have the physical key.

All users should have their own user decryption keys and the master decryption key(s) should always be stored in a safe place, with at least one copy stored off-site.

In order to protect the data, it is very important to be sure that the decryption keys, especially the master decryption keys, are not stored on your computer's hard drive or on your network.

The Encryption key manager in VSys lets you create and manage master encryption keys and user decryption keys.

Before You Begin

From the VSys One main screen, click the Administrator tools bar to open the panel, or select the Administrator tools link from the left navigation panel. Click on Encryption key manager.

Linked Graphic