Encryption Overview

Keeping sensitive information secure is important in ensuring customer safety. One of the most common ways to do this is with encryption. Encryption is taking plain text and scrambling it into an unreadable format. 

How Encryption is Handled in Decisions?

Decisions utilizes encryption with data stored in the database for data structure fields marked with either the Encrypt Data or Contains PII setting. The standard AES 256 encryption algorithm is used to encrypt the data, and the secret key that encrypts the data values is stored in the keys.dat file. This file is located at C:\Program Files\Decisions\Decisions Server\Instances\Control and must be identical on all cluster nodes so that they can decrypt the data in the database that they share. Encryption can be configured globally and/or at the field level. Performance implications should be considered when configuring globally.

Frequently Asked Questions

Below are some of the most frequently asked questions about Encryption.

When a data structure is encrypted, does the key reside in the database or on the server?

When a data structure is encrypted, the key resides on the server.

Is it possible to double-encrypt data using a custom key?

Data can be encrypted before storing it in a data structure field that also encrypts it. For example, double encrypting can be done by setting the field on a data structure to be Encrypt Data or Contains PII, encrypting the data to be stored in that field, and mapping that encrypted data into the field of that data structure.

Are there steps available that will encrypt data using the Rijndael block cipher chosen by the National Institute of Science and Technology (NIST) as the Advanced Encryption Standard (AES) with a key length of 256 bits?

There are classes available. They can be accessed by installing the PGP module and then navigating to INTEGRATION > .NET LIBRARIES > ORG > BOUNCYCASTLE.