Encryption of Media

yuuvis® RAD management-studio 10.x »

Data on media can be encrypted. Internal encryption operations use keys that are integrated in yuuvis® RAD. Project-specific keys use keys from the keystore on the application server. The keystore must be integrated in yuuvis® RAD management-studio.

Internal keys

Internal encryption keys for media are integrated and managed in the media management of yuuvis® RAD management-studio via Actions > General > Internal encryption keys.

The dialog shows internal keys that have been created. Double-click an entry to open the configuration dialog.

A new internal key can be created with the Plus icon Plus icon. A name and the encryption algorithm are entered.

Keys can be created based on the data of existing keys. The configuration dialog of existing keys also provides an Apply as copy function for this purpose.

Custom Encryption Keys

Custom encryption keys for media are integrated and managed in the media management of yuuvis® RAD management-studio via Actions > General > Custom encryption keys.

The dialog shows project keys that have already been created. Double-click an entry to open the configuration dialog.

A new project key is included via the Plus icon Plus icon.

Configuration:
Name Project key name
Provider
  • BC
  • SunJCE
  • SunMSCAPI

Algorithm

Selection via the list of encryption algorithms
Key Selection via the list of included keys

If the keystore is deleted, then the data can no longer be decrypted.

Integrating the Keystore

The keystore for project-specific keys must be stored in the following directory:

...<host-core-service>\standalone\configuration\

The keystore is integrated in yuuvis® RAD management-studio via Navigation > System > Settings > Core Service > Cluster > Depository on the Keystore tab.

Parameters:

Filename of keystore

Keystore designation

Password for keys Key password
Name of the provider Provider name
Keystore type Keystore type
Keystore password Keystore password
Use key password Active: Use key password
Use keystore password Active: Use keystore password

Example: Creating a Keystore

You can use the following example to create a keystore with keys.

  • Open the command prompt.

  • Enter the following:

    SET PATH=%PATH%;%CORE-SERVICE%\jdk\bin

  • Change to the \standalone\configuration\ directory of the installation directory of yuuvis® RAD core-service.

  • Enter the following:

    keytool -genseckey -alias DpsAESKey -keystore my.keystore -keyalg AES -keysize 256

    Follow the instruction and enter the keystore password and key password.

    Details about Keytool can be found in the Oracle documentation.

  • Include the keystore in yuuvis® RAD management-studio with the following parameters:

    Filename of keystore

    my.keystore

    Password for keys Key password
    Name of the provider SUN
    Keystore type PKCS12
    Keystore password Keystore password
    Use key password Active
    Use keystore password Active

Assigning Keys

The Encryption key parameter is displayed in the configuration of the media for encryption. Use it to assign a key to a medium. The list shows all keys, both internal and project-specific keys.