Cryptographic Keys

Some attributes contain data that should be maintained or viewed only by a very limited number of users, such as medical information that is HIPAA protected. An attribute can be encrypted so that a password has to be entered in order to view or edit its values. However, a cryptographic key must be created before an encrypted attribute can be created. Note that the use of cryptographic keys requires a license.

Creating Cryptographic Keys

Cryptographic keys are created in the System Setup on the Users & Groups node. Creating a new cryptographic key in STEP requires a 32-byte file containing the actual key. This key file must be kept in a safe place afterward (possibly encrypted as well), where it cannot be accessed by intruders. In addition to the key file, an ID and a password have to be supplied.

The ID is shown to users when they are prompted for the password, so it makes sense to make the ID human readable. The password is needed each time attributes using this key are encrypted or decrypted. The password can be changed after a cryptographic key has been created. After the password is changed, all attributes using the cryptographic key use the new password, but the data / values are not modified by changing the password.

Password Requirements

The minimum requirements for passwords are 8 characters containing at least 3 of the 4 groups:

  • Lower case characters a-z
  • Upper case characters A-Z
  • Digits 0-9
  • Symbols

Note: The Setup Action "Maintain cryptographic keys" is required in order to create or delete cryptographic keys, as well as to change their passwords.
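The following is an added example, not part of the STEP documentation or product: a Python helper that prepares the two inputs described under "Creating Cryptographic Keys" and "Password Requirements", a 32-byte key file created with owner-only permissions and a pre-check of a candidate password against the stated policy. It assumes the key file holds 32 raw random bytes (the page states only the size) and that any character outside a-z, A-Z and 0-9 counts as a symbol; the file name is constructed.

```python
import os
import secrets
import stat
import string
import tempfile

KEY_LEN = 32      # the page: "a 32 byte file with the actual key"
MIN_PW_LEN = 8    # the page: minimum of 8 characters
MIN_GROUPS = 3    # the page: at least 3 of the 4 groups


def write_key_file(path):
    """Create a new 32-byte key file that only its owner can read.

    Assumption: the file holds raw random bytes; the page gives only the size.
    """
    key = secrets.token_bytes(KEY_LEN)  # OS CSPRNG, not the random module
    # O_EXCL refuses to overwrite an existing key file; mode 0o600 is applied
    # at creation, so the file is never briefly readable by other users.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(key)
        fh.flush()
        os.fsync(fh.fileno())  # make sure the key reaches disk before use
    return path


def password_groups(password):
    """Return the set of character groups present in the password."""
    groups = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            groups.add("lower")
        elif ch in string.ascii_uppercase:
            groups.add("upper")
        elif ch in string.digits:
            groups.add("digit")
        else:
            groups.add("symbol")  # assumption: anything else is a symbol
    return groups


def meets_policy(password):
    """True if the password has 8+ characters from at least 3 groups."""
    return (len(password) >= MIN_PW_LEN
            and len(password_groups(password)) >= MIN_GROUPS)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        p = write_key_file(os.path.join(d, "step-attr.key"))  # constructed name
        print(os.path.getsize(p), oct(stat.S_IMODE(os.stat(p).st_mode)))
    print(meets_policy("Summer2024"), meets_policy("alllowercase1"))
```

The owner-only mode applies on POSIX systems; on Windows, restrict access to the key file through its ACL instead.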