21.18 Custom Keys

Users can select the encryption algorithm used for client-side file encryption, set custom keys, and back up key information.

Encryption Algorithm Settings

Log in to the console and go to Document Security Management -> Document Encryption Algorithm Settings to open the settings dialog. Click Modify in the "Encryption Algorithm" group box. You can use the default encryption algorithm or choose a custom algorithm. Currently, four algorithms are available: DES, 3DES, AES128, and AES256.

Encryption Key Settings

In Document Security Management -> Document Encryption Algorithm Settings, click Modify in the "Encryption Key" group box. You can use the default encryption key or define a custom key.

When using a custom key:

  • If Generate New Custom Key is checked, you can randomly generate or manually enter a new key as the custom key.
  • If Generate New Custom Key is unchecked, the latest key from the existing custom keys will be used.
  • Notes are required for all custom keys.

All keys are saved. The latest key is used for encryption, while all keys are tried during decryption to ensure files encrypted at different times can be successfully decrypted.
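The rule above (the newest key encrypts, every saved key is tried on decryption) as an added Go example; it is not the product's code. AES-256-GCM, the nonce-prefixed layout, and the names `Encrypt`, `Decrypt` and `aead` are assumptions, chosen so that a wrong key is rejected by the authentication tag instead of producing garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const nonceLen = 12 // standard GCM nonce size; the nonce is stored before the ciphertext

func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt uses only the latest key (ring is ordered oldest first).
func Encrypt(ring [][]byte, plain []byte) ([]byte, error) {
	if len(ring) == 0 {
		return nil, fmt.Errorf("no custom key configured")
	}
	a, err := aead(ring[len(ring)-1])
	nonce := make([]byte, nonceLen)
	if _, rerr := rand.Read(nonce); err != nil || rerr != nil {
		return nil, fmt.Errorf("encrypt: key error: %v, nonce error: %v", err, rerr)
	}
	return a.Seal(nonce, nonce, plain, nil), nil
}

// Decrypt tries every saved key, newest first, and returns the index that worked.
func Decrypt(ring [][]byte, blob []byte) ([]byte, int, error) {
	for i := len(ring) - 1; i >= 0 && len(blob) >= nonceLen; i-- {
		if a, err := aead(ring[i]); err == nil {
			if p, err := a.Open(nil, blob[:nonceLen], blob[nonceLen:], nil); err == nil {
				return p, i, nil // the GCM tag verified, so this was the right key
			}
		}
	}
	return nil, -1, fmt.Errorf("no saved key decrypts this file")
}

func main() {
	oldKey, newKey := make([]byte, 32), []byte("constructed demo key, 32 bytes!!") // constructed demo keys
	blob, _ := Encrypt([][]byte{oldKey}, []byte("written before rotation"))
	plain, idx, err := Decrypt([][]byte{oldKey, newKey}, blob)
	fmt.Printf("%q decrypted with key #%d, err=%v\n", plain, idx, err)
}
```

Decrypting with a ring that lacks the old key, as on a redeployed server where the key backup was never imported, returns the error for every file written under that key.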

Backup Custom Encryption Keys

In the Encryption Key group box of the Document Encryption Algorithm Settings dialog, click Backup to export and save key information to a specified location.

Click Import to import previously backed-up key information. During import, you can choose to use either:

  • Local Custom Key as Current Key, or
  • Imported Custom Key as Current Key.

If you are redeploying the server and want to import the backup keys from the old server and use them as custom keys, follow these steps:

  • When importing the backup keys, select Import Custom Key as Current Key in the dialog.
  • In the Encryption Key settings, select Use Custom Document Encryption Key, leave Generate New Custom Key unchecked, and click OK to complete the setup.

Note:

  • The configured keys apply to Windows, Mac, and Linux clients.
  • Using this feature requires two conditions:
    1. The server must be registered with a valid license.
    2. The console must be started in the server environment.