Data encryption

You can improve data security by using encrypted data storage for fields with data type text, memo, blob or image. You can turn this on in the Properties tab in a Field by selecting a value in "Data security". There are 3 possible values:

  • Codec
    In this case the Engine uses a codec key to encrypt the data before storing it in the database and decrypts it when retrieving it. A custom codec key can be set in the general blueprint properties on the tab "Users & Security". The field is "Encryption key".

  • Custom script
    In this case you have to create a Velocity script that encrypts and decrypts the "raw" value. The value is passed to the script as $value or $encodedvalue. The encoded/decoded value should be put in $return.

  • AES Encoding
    AES encoding is the strongest encryption we support. It uses the same "Encryption key" field as the codec encryption.

    AES encoding can also be used to encrypt blobs and images. The files on the OS are stored encrypted and are decrypted on retrieval.

 

 

How to activate data encryption on a field?

First enable the data encryption by ticking the field "Data security" on the tab "Users & Security" of the Blueprint properties.

 

We distinguish two possible cases.

  1. No current data in field
  2. Field contains data

No current data in field

Enable data encryption, set an Encryption Key and reload the blueprint. Now choose an encryption for the field you want to secure.

 

In the above example, 4 fields are defined as AES-encrypted fields.

Now the only thing you need to do is reload your blueprint, and all data entered in the secured field will be stored as an AES-encrypted value in the database.

 

Field contains data

Start with the same steps as for no current data in field. After reloading the blueprint, the secured fields are unreadable for the application and need to be converted.

Use the conversion tool available in the Application Panel. In the menu, select Databases/Encrypted field converter. The converter will propose the fields that have a data security value set.


Select the field you want to convert to its encryption and press OK. The converter then converts all values (or file contents) to the corresponding encoding.

 

Some important considerations

  1. Production / Beta

    When you convert files on a beta/production environment, make sure the blueprint on beta is the same as the one on production. Otherwise, encrypted files on one environment are not visible on the other.

  2. Branches

    This also happens when you run multiple branches on one engine and field A is encrypted in branch 1 but not in branch 2.