Encryption is a way to encode sensitive data so that only authorized users have access to that information. Encryption keys are used to protect and restrict designated data from unauthorized access. Using encryption you can secure data, even from people who work directly with the data and have access to the database. Data that is encrypted can then only be retrieved using the appropriate decryption keys.
VSys One uses a special form of encryption called public key encryption. It allows data to be entered and secured without the user being able to read that data later. The “encryption key” is available to all users, but only those with a "decryption key" can read the data. The decryption key is then stored on a physical disk or a USB flash drive, not in the database itself.
Decryption keys, which decode the data, can be created and used by specific individuals (such as administrators) to read the secured data. These keys are protected by the use of a passphrase, and that passphrase can be revoked at any time. So, in the event the key is missing (lost or stolen), the data remains protected, even if you cannot get the actual physical key back from the user.
There are both master keys and user keys and there are some important differences between the two.
Master Keys |
Do not have associated passphrases, and cannot be revoked. At least one copy of the master key should be put in a safe or safe deposit box, off-site. The data encrypted with the master key cannot be retrieved without at least one copy of this key or a user key derived from it. |
User Keys |
Unlike the master keys, these keys are protected by passphrases. User keys can also be revoked, even if you do not have the physical key. |
All users should have their own user decryption keys and the master decryption key(s) should always be stored in a safe place, with at least one copy stored off-site.
In order to protect the data, it is very important to be sure that the decryption keys, especially the master decryption keys, are not stored on your computer's hard drive or on your network.
The Encryption key manager in VSys lets you create and manage master encryption keys and user decryption keys.
Before you begin
Select the Encryption key manager from the Administrator tools panel.