Where are keys stored and how are they protected?
The Covata platform is divided into two discrete services, the Access service and the Content service. The keys are stored in the Access service, which manages all the security-related information.
- The Access service is responsible for authentication, authorization, access control and key management.
- The Content service manages the storage of encrypted files and can act as a proxy for the user to perform encryption and decryption.
Every file and every view representation has its own unique key so that a single key can only be used with one file.
As of version 2.15, the keys are encrypted by a master encryption key (MEK) held by the Access service, so the keys at rest are themselves encrypted.
All file encryption is done using AES 256.
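
The per-file key and MEK arrangement described above can be sketched as follows. This is an added example, not Covata's code: the use of AES-GCM for wrapping, the binding of the wrapped key to a file ID, and the names `aead`, `NewFileKey` and `UnwrapFileKey` are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// aead builds AES-GCM over an AES-256 key (GCM is an assumption of this example).
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(key) != 32 {
		return nil, errors.New("need a 32-byte AES-256 key")
	}
	return cipher.NewGCM(block)
}

// NewFileKey makes a fresh key for one file and wraps it under the MEK, bound to
// fileID as associated data. Only the wrapped form would be stored at rest.
func NewFileKey(mek []byte, fileID string) (fileKey, wrapped []byte, err error) {
	g, err := aead(mek)
	if err != nil {
		return nil, nil, err
	}
	buf := make([]byte, 32+g.NonceSize()) // random file key followed by random nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	fileKey, nonce := buf[:32], buf[32:]
	return fileKey, g.Seal(nonce, nonce, fileKey, []byte(fileID)), nil
}

// UnwrapFileKey fails on a wrong MEK, a different fileID, or a modified blob.
func UnwrapFileKey(mek, wrapped []byte, fileID string) ([]byte, error) {
	g, err := aead(mek)
	if err != nil || len(wrapped) < g.NonceSize() {
		return nil, errors.New("bad MEK or truncated wrapped key")
	}
	return g.Open(nil, wrapped[:g.NonceSize()], wrapped[g.NonceSize():], []byte(fileID))
}

func main() {
	mek := make([]byte, 32) // constructed MEK for the demo
	rand.Read(mek)
	_, wrapped, err := NewFileKey(mek, "file-001") // constructed file ID
	fmt.Println(len(wrapped), err)
}
```

Because the file ID is authenticated alongside the wrapped key, a wrapped key copied onto another file's record does not unwrap, which matches the one-key-per-file property.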