Data encryption is the process of encoding data in order to protect the confidentiality, integrity, and authenticity of information during transmission. Aperture Data Studio is designed with integrated security features, and one of these is data encryption - the capability of encrypting exported data and decrypting imported data.

Cryptography as a field has spurred the birth of public key encryption, which is an industry standard cryptographic system. In public key encryption, a public key is used for encrypting data, whereas a corresponding private key is used for decrypting data.

The supported encrypted file types are:

  • Pretty Good Privacy (PGP)
  • .ZIP files

Additionally, Aperture Data Studio also supports encryption key management. Encryption keys can be assigned to specific users or roles through RBAC. Users with this capability are able to save, export, and import encryption keys in a secured manner.

Aperture Data Studio supports public key encryption for Pretty Good Privacy (PGP) encrypted files.

PGP is a key-based encryption method which utilizes two cryptographic keys; a public key to encrypt a file and a corresponding private key to decrypt it.

When generating a PGP key pair, a passphrase has to be specified. This is required by the private key; only an authorized user with knowledge of the passphrase can use the private key. This provides a two-layer protection against unauthorized access to the contents of the encrypted file.

Aperture Data Studio supports password-based encryption for encrypted .ZIP files. Compressed .ZIP files can be protected using an encryption facility based on a specified password. In order to extract the original content from the ZIP archive, the correct password has to be provided.

Prerequisites

To manage data encryption operations, ensure that:

  • you are assigned the Create Key Encryption capability.
  • the Manage permission is assigned to users who will manage (edit, add or delete) keys in Data Studio.
  • the Use permission is assigned to all users who should be able to view and use the keys for importing/exporting encrypted files in Data Studio.

Creating data encryption keys

To create a key:

  1. Navigate to System > Data encryption and select Add new data encryption.
  2. Select the encryption type.
  3. Give the encryption key a name and optional summary.
  4. Specify the usage type of the key. You may select either one or both usage types but at least one must be selected.
  5. Depending on the encryption type selected, complete the fields necessary to configure the data encryption. Find out more about PGP and ZIP files.
  6. Click Next.
  7. Assign the required users.
  8. Click Finish to save changes.

Editing data encryption keys

To edit a key:

  1. Navigate to System > Data encryption.
  2. Select the required key and click on the hamburger menu in the Options column.
  3. Select Edit details to update the configuration of the key. You can also Enable, Disable or Delete it.
  4. Click Finish to save changes.

Using data encryption keys

When importing or exporting any encrypted files, a valid encryption key is required to ensure that the operation is permitted for the user.

Data encryption keys can be pinned to a particular usage in Datasets or Workflows, so that the same encryption key is used consistently.

Load encrypted Datasets using a data encryption key

When adding a Dataset from an encrypted file, you will need to select an existing encryption key or enter a new encryption key to be associated with the Dataset. The data encryption keys available for selection are only those that your user has permission to use.

Once set, this data encryption key will be used whenever the Dataset is refreshed by any user, even for those with no direct permission to access the data encryption key.

Data encryption keys are available in different Spaces within the same Environment.

To upload a locally stored encrypted file:

  1. Go to Datasets.
  2. Click Add Dataset.
  3. Select Upload file for a locally stored encrypted file.
  4. Click Next.
  5. Click Browse for file and select the required one.
  6. Click Next.
  7. Select the required Encryption mode - either Select a decryption key or Enter a new decryption key. If the first option is chosen, existing data encryption keys will be available for selection through a dropdown chooser.
  8. Assuming Enter a new decryption key is selected, enter the required parameters to decrypt the file.
  9. Enable the Add to existing keys option to save the encryption key for future use. Provide a new encryption key name.
  10. Continue with the Dataset upload process.

Export an encrypted file from a Workflow

When exporting records using the Export step in the workflow designer, the user will need to specify the data encryption key to be used to encrypt the output file. You can specify the desired encryption type for the exported file.

Another user with access to the Space can modify the data encryption key used in the workflow's Export step. Once the data encryption key has been set, this data encryption key will be used whenever the workflow is executed (including scheduled execution), even by those with no direct permissions to access the data encryption key.

Additionally, you can also export encrypted files to an external system in the same manner. Find out how to export data to an external system.