When is encrypted data automatically decrypted?


If a data group is stored encrypted “at rest” (i.e. encrypted in the entity storage path with an encryption key), how does the data get decrypted?


Viewing a document automatically decrypts the document while it is being viewed. This happens whether you are viewing the document through the document viewer or viewing it natively.

Processes which are designed for taking data out of ImageSilo will also automatically decrypt the data group and associated files. These processes include migration jobs, exporting, or emailing documents.

Documents remain encrypted when executing a backup job for specific data groups. Backup jobs are intended to back up data that will be restored at some point into a local PaperVision Enterprise (PVE) installation.

Because the SQL database used in ImageSilo knows that the data group is encrypted with a specific key name, there is no need to decrypt documents during the backup. The backup package is intended to be used only inside ImageSilo (or a local PVE system) and includes the encryption key.

If there is a need to run backup jobs on decrypted data that is currently encrypted, the data group will need to be submitted for decryption by the automation service first. The backup job can then be run once the decryption process finishes. After the backup job completes, the data group can be re-submitted for encryption if needed. However in this scenario; a migration job may be a better alternative as it automatically decrypts the data for use outside of ImageSilo (or PVE).

Filed under All Versions, ImageSilo®

Last modified Aug 22, 2016

Submitted Aug 22, 2016

Related Articles

Share via Email Print