If you want to encrypt the BLOB and properties, either in a new or an existing application, the attached implementation guide will help you step by step. The document also includes a deployment plan to make sure the encryption is applied correctly in other environments.
Step 1: Configure KeyStore
Step 2: Activate KeyStore
Encryption of BLOB
Removal of class instances
Encryption of exposed properties
Access Control Policy
Encryption in Exposed Properties – Issues and Design Patterns
Section Rules – Visibility conditions in expressions
Full Text Search
@mowam - Good post on encryption of BLOB data. But I am unable to visualize the use case in this context. Also, why don't we use the password option for all the properties inside the BLOB, as this is also a kind of encryption? Please help me understand the password option vs. this encryption option.
1) Instances need to be deleted, as the class-level BLOB encryption checkbox only gets enabled if there are no instances in the class.
The above is what is recommended OOTB and supported for BLOB, from what we are aware of.
2) Again, an access control policy is the recommended way forward. If you follow approach 1, then when you save a new record any exposed property will be governed by the access control policy. Alternatively, for already created work objects, you can try creating an access control policy for the exposed property, then save the BLOB again and see whether the exposed property gets encrypted.
Deleted all instances, created the access control policy for the exposed column. But the varchar column can still be viewed in plain text, i.e. it is not encrypted. I checked the systemout.log file; it seems the CustomCipher class is called, as I saw the "encrypting" and "decrypting" output. Any advice on what could be wrong? How can I check that super.encrypt is called?