Question

2
Replies
45
Views
MCCAR1 Member since 2009 26 posts
PEGA
Posted: 3 months ago
Last activity: 2 months 3 weeks ago

Application data encryption using custom KMS: can we use 256-bit key?

My client will implement property-level encryption using custom key management service. I believe this is covered by 'application data encryption' (not 'system data encryption').

We looked on this page for help: https://community.pega.com/sites/default/files/help_v84/procomhelpmain…

Here it says: 'The master key in the custom KMS must be a 128-bit AES key'. It also says: 'enter a code snippet similar to the example shown in step 2 of the sample activity pzSampleGetCustomMasterKey'.

We looked at this activity and in step 2 it needs to access remote services to (i) decrypt the ecdk, and (ii) encrypt the cdk (using a remotely managed master key).

Since this activity sends the cdk for remote encryption (and sends ecdk for remote decryption), Pega doesn't touch the master key at all, so does it really matter what type of master key is used?

If the answer to this is yes: why is this?

BTW client security team would like to use AES 256 because it is more secure than 128-bit.

Pega Platform 8.4.1 Security
Share this page LinkedIn