Encryption information
The encryption is performed in the same manner in all Pointsharp servers and products. In short, the data is salted, a checksum is added, and the result is AES-256-encrypted with the key stored in the keys.dat file.
This encryption is used, for example, in the Pointsharp ID Admin GUI when configuring passwords such as the LDAP administrator password. It is also used for the Pointsharp users' password data and secret token data.
- AES256
  - AES encryption with a key length of 256 bits.
- The key
  - The key is random data created at first startup using the random CSP in the Windows Server operating system.
  - The key is stored in the keys.dat file and reused for the entire lifetime of the installation.
  - The keys.dat file data can be changed, for example if a more secure random source is required. Beware that Pointsharp software as of today does not support key change, so if a key change is wanted, a full re-encryption process needs to be performed. This would require some scripting and downtime (consult Pointsharp support on this).
- Salt is added to the data
  - The same data will never produce the same encrypted value.
- A simple checksum is added to the data
  - Used to detect whether the data has been tampered with, or whether the server possesses the wrong encryption key.
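The scheme described above, as an added Python illustration that is not Pointsharp's code (the vendor's cipher mode, checksum algorithm and byte layout are not published here). It assumes AES-256-CBC with a fixed IV, a 16-byte random salt placed in front of the data, a CRC-32 checksum, and a constructed 32-byte key standing in for the contents of keys.dat.

```python
import os
import struct
import zlib
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

SALT_LEN = 16          # one AES block of random salt in front of the data
ZERO_IV = bytes(16)    # assumption: fixed IV; the random salt block does the IV's job

# Constructed stand-in for the 256-bit key that keys.dat would hold; a real
# deployment draws it once from the OS random source (the Windows CSP) and reuses it.
DEMO_KEY = bytes(range(32))


def encrypt(key: bytes, data: bytes) -> bytes:
    """Return AES-256-CBC( salt || crc32(data) || data ) with PKCS7 padding."""
    if len(key) != 32:
        raise ValueError("AES-256 needs a 32-byte key")
    salt = os.urandom(SALT_LEN)                 # fresh salt on every call
    checksum = struct.pack(">I", zlib.crc32(data))
    padder = padding.PKCS7(128).padder()
    padded = padder.update(salt + checksum + data) + padder.finalize()
    enc = Cipher(algorithms.AES(key), modes.CBC(ZERO_IV)).encryptor()
    # In CBC every later block depends on the random first (salt) block,
    # so identical data never gives identical ciphertext.
    return enc.update(padded) + enc.finalize()


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Reverse encrypt(); raise ValueError when the checksum does not match,
    which is what happens for tampered data or the wrong key."""
    dec = Cipher(algorithms.AES(key), modes.CBC(ZERO_IV)).decryptor()
    padded = dec.update(blob) + dec.finalize()
    try:
        unpadder = padding.PKCS7(128).unpadder()
        plain = unpadder.update(padded) + unpadder.finalize()
    except ValueError:
        raise ValueError("padding error: wrong key or corrupted data") from None
    if len(plain) < SALT_LEN + 4:
        raise ValueError("blob too short")
    expected = struct.unpack(">I", plain[SALT_LEN:SALT_LEN + 4])[0]
    data = plain[SALT_LEN + 4:]                  # the salt itself is discarded
    if zlib.crc32(data) != expected:
        raise ValueError("checksum mismatch: data tampered with or wrong key")
    return data


def is_intact(key: bytes, blob: bytes) -> bool:
    """True when blob decrypts under key with a matching checksum."""
    try:
        decrypt(key, blob)
        return True
    except ValueError:
        return False
```

A CRC catches accidental corruption and the wrong-key case; against deliberate modification an authenticated mode such as AES-GCM, or an HMAC over the ciphertext, is the usual choice.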