Last update: Edit

1 Introduction

The Encryption module takes care of the following encryption needs:

  • Plain text encryption (for example, passwords)
  • FileDocument encryption (for example, files of photos)

2 Plain Text Encryption

Encrypt and decrypt plain texts using the AES algorithm. The key used for encryption is configured as a constant and remains on the application server.

2.1 Typical Use Cases

The typical usage scenario is when a project/module consumes a service where a user name and password are required, you can store the password in an encrypted way in the database.

2.2 Limitations

  • Currently only AES is supported

2.3 Configuration

2.3.1 EncryptionKey Constant

Set the EncryptionKey constant located in the Private - String en/de-cryption folder. Make sure the key consists of 16 characters.

In version 2.2.0, the key length was increased from 128 to 256 bits. The EncryptionKey constant must now have a key with 32 characters. The LegacyEncryptionKey constant can be used for the 128 bits, in order to decrypt strings that were encrypted using an older version of the Encryption module.

2.3.2 EncryptionPrefix Constant

Set the EncryptionPrefix constant located in the Private - String en/de-cryption folder. The value depends on the module version you are using:

  • For version 2.2.0 or above, set the constant to {AES3}
  • For versions 1.4.1–2.1.3 , set the constant to {AES2}

3 FileDocument Encryption

Encrypt and decrypt the contents of FileDocument entities using the PGP algorithm. The key used for symetric encryption is embedded into encrypted file content. The certificate to use asymetric encryption of the symetric key is stored in the database.

3.1 Typical Use Cases

One of the typical usage scenarios may be a project/module that stores customer sensitive documents such as photos. In such a case, you may want to encrypt those documents in a way that only the owner can see.

3.2 Configuration

No configuration is needed. However, you should generate or upload certificates upfront using the CertificateManagement page.