Manage field encryption

The Manage field encryption function, accessible under System>Utilities>Administration tools, works in conjunction with a function that allows a Data Dictionary field to always be displayed using a user-defined display mask.

For example, the data stored in RefTracker could be encrypted, and the display mask defines how to decrypt it, so that despite being stored encrypted, it always displays in RefTracker as unencrypted. The stored data might be:

RxFmhUUprPbjIhrm5A5Agr    

and it might display as:     

123456789

Security measures include:

  • The encrypted and unencrypted values will never display in the same place, not even in the HTML of RefTracker pages. 
  • Regular changes of the encryption keys can be handled.  A routine is available that allows all encrypted data fields in RefTracker to be unencrypted, and re-encrypted using new parameters.
  • There are a series of hidden parameters that hold the encryption key details, and the parameters are themselves encrypted using a different encryption algorithm so they cannot be read in plain text from the database.
  • This functionality can only be run by Altarama.

FOR ALTARAMA USE ONLY:

When signed on as the Support user, this screen provides access to the other Manage field encryption page functions. This page is used to change the encryption parameters used to encrypt all fields marked in the Data Dictionary as encrypted. This page can only be used by the Support user because it is usually important that the timing of when it is used be co-ordinated with the arrival of new encrypted Dynamic Lookups data. A backup also needs to be taken before this routine is run. A system restart is also required in order to trigger the run-once program that does the un-encryption/re-encryption, and there are error messages and start-over mechanisms in place in case of failure mid-run.

Encrypted data fields are displayed in RefTracker using a display mask. The display mask is entered in the Data Dictionary record for the field (this must be done by Altarama) and specifies that the encrypted field should only ever be displayed in RefTracker as its unencrypted value.

INSTRUCTIONS FOR RUNNING THE RE-ENCRYPTION PROCESS USING MANAGE FIELD ENCRYPTION

  1. Negotiate date and time for Altarama to perform the changeover
  2. Confirm customer will pay for 3 hours support for us to do this process
  3. Before proceeding with the changeover ensure that you have both the file that contains the new vector and key, and the updated file of client contact information for DLM. The procedure cannot proceed unless a matching set of key/vector and data file are available.

1. Obtain the new vector and contact files when advised they are available by customer

 1.1 Pick up the Key/vector file using SFTP arrangements with the customer

 1.2 Pick up the matching dataset using the same instructions provided by the customer.

2. Take system offline

2.1 Take the customer’s system offline before starting the re-encryption process to prevent anyone from using it while the data does not match the key/vector. In Server Manager/ROLES/IIS, stop the application pool for that customer’s system.

2.2 Back up the database
**** It is absolutely imperative that we back up the database before applying the new parameters. (If there is a problem and we re-encrypt existing records with bad values, we will not be able to recover the original values.)

2.3 Make the new contact data file available to DLM

2.4 Copy <customer>wgb.txt to D:\CDIM\DIMapp\client\<customer>\raw

Rename the file to <customer>_Client_yyyymmdd.txt

Run CDIM from the Start menu.

Choose <customer> from the client menu, select <customer>_Client_yyyymmdd.txt and convert RAW to XML, then XML to DB.

2.5 Test and reset the key/vector: sign on to the customer’s RefTracker system as a Support user, go to System > Utilities > Administration Utilities > Manage Field Encryption, input the new IV and Key, and click Test decrypt. Test decrypt allows an encrypted value to be decrypted manually: add the encryption key and initial vector along with an example of an encrypted value, and decryption will be applied when the form is submitted. Is the value returned the correct unencrypted value?

* Double check that the IV and Key have been entered correctly. Do not transpose these values!!

**Important – The customer’s system now requires restarting (recycle app pool or touch web.config).

2.6 Proceed to the full re-encryption process (Submit) ONLY if the test is successful. A system restart is also required in order to trigger the run-once program that does the un-encryption/re-encryption, and there are error messages and start-over mechanisms in place in case of failure mid-run.

3. Put the customer system back online and advise that the process is completed

In Server Manager/ROLES/IIS restart application pool for <customer>.

Advise customer that the process has successfully completed.
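Steps 2.1 and 2.2 above (plus the file check from the prerequisites) can be scripted so the changeover cannot continue without a stopped application pool and a verified backup. This is an added example, not Altarama's own tooling; the pool name, SQL instance, database name and file paths are placeholders (assumptions), and it assumes the WebAdministration and SqlServer PowerShell modules are installed.

```powershell
# Added example: pre-flight for the re-encryption changeover (steps 2.1 and 2.2).
# Every name and path below is a placeholder and must be replaced before use.
Import-Module WebAdministration
Import-Module SqlServer
$ErrorActionPreference = 'Stop'

$AppPool     = '<customer-app-pool>'
$SqlInstance = '<sql-instance>'
$Database    = '<reftracker-db>'
$KeyFile     = 'D:\changeover\<key-vector-file>'
$DataFile    = 'D:\changeover\<customer>wgb.txt'
$Stamp       = Get-Date -Format 'yyyyMMdd-HHmmss'
$BackupFile  = "D:\backup\$Database-pre-reencrypt-$Stamp.bak"

# Prerequisite: both the key/vector file and the matching data set must be on hand.
foreach ($f in $KeyFile, $DataFile) {
    if (-not (Test-Path -LiteralPath $f -PathType Leaf)) {
        throw "Missing changeover file: $f"
    }
}

# Step 2.1: stop the application pool and wait until IIS reports it stopped,
# so no user can work against data that does not match the key/vector.
if ((Get-WebAppPoolState -Name $AppPool).Value -ne 'Stopped') {
    Stop-WebAppPool -Name $AppPool
}
$deadline = (Get-Date).AddSeconds(60)
while ((Get-WebAppPoolState -Name $AppPool).Value -ne 'Stopped') {
    if ((Get-Date) -gt $deadline) { throw "App pool $AppPool did not stop in time" }
    Start-Sleep -Seconds 2
}

# Step 2.2: back up the database, then verify the backup file is readable.
# COPY_ONLY leaves the regular backup chain untouched; CHECKSUM lets
# RESTORE VERIFYONLY detect a damaged backup before any data is re-encrypted.
$backup = "BACKUP DATABASE [$Database] TO DISK = N'$BackupFile' " +
          "WITH COPY_ONLY, CHECKSUM, INIT;"
$verify = "RESTORE VERIFYONLY FROM DISK = N'$BackupFile' WITH CHECKSUM;"
Invoke-Sqlcmd -ServerInstance $SqlInstance -Query $backup -QueryTimeout 65535
Invoke-Sqlcmd -ServerInstance $SqlInstance -Query $verify -QueryTimeout 65535

Write-Host "Pool '$AppPool' stopped; verified backup written to $BackupFile"
```

Any failure throws and halts the script, leaving the pool stopped so that nothing is re-encrypted without a usable backup.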

PROCESS FOR REMOVING ENCRYPTION FROM DATA STORED IN A REFTRACKER SYSTEM (should that be required)

To decrypt all the data stored in a field add the text “DECRYPT” to both textboxes.

New encryption key:      DECRYPT

New initial vector:          DECRYPT

Then click Submit.

The next time your RefTracker system is restarted, a run-once program will decrypt the linked field/s so that they are then stored in the RefTracker database as unencrypted data.

The following SQL also needs to be run against the RefTracker DB when this decryption process is used:

UPDATE [dbo].[field] SET [field_encryptionMode] = 0 WHERE [field_encryptionMode] = 200;