Hashing Algorithm
Keys are generated by applying a hashing algorithm to the data available for key generation.
Key Length | Hashing Algorithm |
128 | MD5 |
256 | SHA-256 |
Encryption Algorithm
The AES algorithm is the backbone of the Ephesoft encryption framework and is used to encrypt and decrypt data. The super admin can choose between the AES-128 and AES-256 algorithms. Ephesoft employs the “AES-256” cipher, which is an NSA Type 1 approved algorithm (suitable for classified national security information).
Application Level Key - The Crux of Encryption
The application level key concept is very similar to a digital signature or digital certificate, which uniquely identifies an application/entity/organization/individual. The application level key in Ephesoft uniquely identifies an application belonging to a customer.
The key (identity) provided as the application key is used as a secure password for all the key stores generated throughout the process, i.e. the application level key is responsible for validating that the keys/key stores used at different stages of the application belong to a particular application (keys/key stores belonging to a particular application will not work on any other, unauthorized application).
This key is also responsible for authentication during Batch XML decryption, which prevents the Batch XML from being decrypted outside the authorized application (unauthorized applications will not be able to decrypt Batch XML belonging to another application).
Levels of Secret Keys
Level | Location | Mechanism | Key Length |
Application | <Shared-Folders>/ephesoft-key-store-file/ephesoft.keystore | Can be generated only once from UI. | 128 |
Batch Class | <Batch-Class-folder>/ephesoft-key-store-file/ephesoft.keystore | Configurable from UI. | 128/256 |
Batch Instance | <ephesoft-system-folder>/<Batch-Instance-ID-Folder>/ephesoft-key-store-file/ephesoft.keystore | Generated dynamically using Application Level Key and Batch Class Key. | Length of Batch Class Key. |
Fuzzy-DB Index | <Batch-Class-Folder>/<fuzzy-index-folder>/ephesoft-key-store-file/ephesoft.keystore | Generated dynamically using Application Level Key and Batch Class Key. | Length of Batch Class Key. |
Lucene Key | <Batch-Class-Folder>/<lucene-search-classification-sample>/ephesoft-key-store-file/ephesoft.keystore | Generated dynamically using Application Level Key and Batch Class Key. | Length of Batch Class Key. |
Test KV | <Batch-Class-Folder>/<test-KV-Folder>/ephesoft-key-store-file/ephesoft.keystore | Generated dynamically using Application Level Key and Batch Class Key. | Length of Batch Class Key. |
Test Advance KV | <Batch-Class-Folder>/<test-Advance-KV-Folder>/ephesoft-key-store-file/ephesoft.keystore | Generated dynamically using Application Level Key and Batch Class Key. | Length of Batch Class Key. |
Test Classification | <Batch-Class-Folder>/<test-Content-Classification-Folder>/ephesoft-key-store-file/ephesoft.keystore | Generated dynamically using Application Level Key and Batch Class Key. | Length of Batch Class Key. |
Test Table | <Batch-Class-Folder>/<test-table>/ephesoft-key-store-file/ephesoft.keystore | Generated dynamically using Application Level Key and Batch Class Key. | Length of Batch Class Key. |
Error Messages
Example Error Messages: | Probable Cause: |
Key store file doesn’t exist. | One of the keys required for encryption/decryption doesn’t exist. |
Keys required for generating the dynamic key doesn’t exist | Either the application key or the Batch Class Key required for generating the dynamic key doesn’t exist. |
Backup and Recovery
- To be able to recover the data if the application key is lost, it is recommended that the user store the application key file in a secure storage device.
- It is also recommended to secure the unique key store file password (key_password) from the encryption_key_metdata table in the DB.
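The following is an added example, not Ephesoft code: a backup inventory that locates the key stores at the paths listed in the Levels of Secret Keys table, records a SHA-256 of each file so a backup copy can be verified later, and reports the conditions behind the error messages above. The folder names in demo() are constructed, and the permission check assumes a POSIX file system.

```python
import hashlib
import tempfile
from pathlib import Path

# Relative key store path, as listed in the "Levels of Secret Keys" table.
KS_REL = Path("ephesoft-key-store-file") / "ephesoft.keystore"

def _record(level, path):
    """Describe one key store: level, path, SHA-256 of the file, loose POSIX mode."""
    mode = path.stat().st_mode & 0o777
    return {"level": level, "path": str(path),
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            "other_access": bool(mode & 0o007)}

def inventory(shared_root, batch_class_roots):
    """Return (records, problems) for the key stores under the given roots."""
    records, problems = [], []
    app = Path(shared_root) / KS_REL
    if app.is_file():
        records.append(_record("application", app))
    else:
        problems.append(f"application keystore missing: {app}")
    for root in map(Path, batch_class_roots):
        bc = root / KS_REL
        dynamic = sorted(root.glob(f"*/{KS_REL.as_posix()}"))
        if bc.is_file():
            records.append(_record("batch-class", bc))
        elif dynamic:
            # Dynamic keys depend on the batch class key (second error message).
            problems.append(f"dynamic keystores under {root} but no batch class keystore")
        records += [_record("dynamic", p) for p in dynamic]
    problems += [f"readable by other users: {r['path']}" for r in records if r["other_access"]]
    return records, problems

def demo():
    """Build a constructed sample tree (not real Ephesoft data) and inventory it."""
    base = Path(tempfile.mkdtemp())
    def put(rel, mode):
        p = base / rel / KS_REL
        p.parent.mkdir(parents=True)
        p.write_bytes(b"constructed placeholder, not a real keystore")
        p.chmod(mode)
    put("SharedFolders", 0o600)                  # application level key store
    put("SharedFolders/BC1/fuzzy-index", 0o644)  # dynamic key store, loose mode
    return inventory(base / "SharedFolders", [base / "SharedFolders/BC1"])
```

Store the resulting records alongside the backed-up key store files and compare the hashes after a restore.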