Encryption Configuration Feature in eCatalog

Robust Data Protection Through Advanced Encryption Key Management:

eCatalog employs a sophisticated encryption system to ensure data security, using strong AES encryption by default. This feature allows administrators to manage encryption keys effectively through a dedicated configuration page, ensuring that sensitive information remains protected against unauthorized access.

Key Management in eCatalog:

• Crypto Key (Application Key)
• Flexibility in Management
  The Crypto Key, or Application Key, is used at the application level. Administrators have the flexibility to change or reset this key as needed without impacting the accessibility of existing encrypted data. When a new Crypto Key is set, it is applied only to new records, while existing data remains encrypted with the old key.
• Operational Security
  Regular updates to the Crypto Key can enhance security by ensuring that the encryption remains robust against potential vulnerabilities.
• Account Key (Server Level Key):
• Critical Caution in Handling
  The Account Key operates at the server level. Changing this key means that all existing encrypted data becomes unreadable, as the new key does not decrypt data encrypted with the old key.
• Secure Change Process
  To prevent accidental changes, resetting the Account Key requires administrators to complete a CAPTCHA verification. This adds an extra layer of security to ensure that such critical actions are intentional and authorized.
• Pre-Use Recommendation: 
  It is advised to set or change the Account Key before the system goes into operational use. This ensures that all data encrypted during regular use remains consistent and secure.
• Server-Specific Encryption
  The Account Key is particularly useful for scenarios where data encrypted on one server should not be decryptable on another, enhancing data isolation and security.

Benefits of Effective Encryption Key Management:

• Enhanced Data Security
  Managing encryption keys properly ensures that sensitive data remains secure, even as it is stored and processed within eCatalog.
• Controlled Access
  By allowing administrators to manage keys, eCatalog provides a controlled environment where data security can be tailored to specific operational requirements and risks.
• Compliance and Reliability
  Proper key management supports compliance with data protection regulations and standards, which often require robust encryption practices and key security measures.

Configuring Encryption Keys:

• User Interface
  Administrators can access the encryption key settings via the encryption configuration page in eCatalog's administrative dashboard. This interface provides tools for key management, including resetting the Crypto Key and the Account Key under stringent conditions.
• Best Practices for Key Management
  Regularly review and update encryption keys, implement strong access controls for key management functions, and ensure that key changes are logged and auditable to maintain system integrity and compliance.

By default, system will use strong AES encryption to protect the data.

Administrator can reset the encryption key using the configuration page.

There are two types of keys in eCatalog:

• Crypto Key, also known as Application Key.
  This key is on application level key. Administrators can change/reset the key as often as he wishes. When changing the key, the existing encrypted data is still readable, using the old key. The new key will be applied to new records.
• Account Key. 
  The Account key is on server level. If administrator change Account Key, the existing encrypted data can NOT be readable anymore.
  To avoid administrator accidentally change/reset Account Key, administrator has to enter CAPTCHA.
  It is recommended to change Account Key before user start using the system.
  The Account Key is useful when you want the encrypted data from server A, cannot be decrypt-ed on other server.

Reseting Crypto/Application Key is good enough to protect the data.