How are files encrypted in Vault?
Question
Does Vault encrypt files in storage? What encryption algorithm is used?
Answer
Vault encrypts files after they have been successfully processed. The algorithm used for encryption is the Advanced Encryption Standard (AES) in Cipher Block Chaining (CBC) mode with PKCS #7 padding. The block size is 128 bits and the cryptographic key is 256 bits. The algorithm also uses a 128-bit initialization vector (IV). The cryptographic key is derived from a randomly generated 256-bit passphrase and a 64-bit salt in conformance with the RFC 2898 standard.
It is possible to generate a new cryptographic key in order to facilitate key rotation. Please note that only files uploaded after the key generation event are encrypted with the new cryptographic key; files uploaded before it remain encrypted with the old encryption key(s).
The system stores all encryption keys in the database as UTF-8 encoded hexadecimal characters.
Following a successful key generation, the system returns the newly created cryptographic key as a UTF-8 encoded hexadecimal string. A TPM (Trusted Platform Module) or HSM (Hardware Security Module) can be used to store the key, but the application cannot query it directly; as stated above, the application stores the keys in the database.