Where are keys stored and how are they protected?

The Covata platform is divided into two discrete services, the Access service and the Content service. The keys are stored in the Access service, which manages all the security-related information.

  • The Access service is responsible for authentication, authorization, access control and key management.
  • The Content service manages the storage of encrypted files and can act as a proxy for the user to perform encryption and decryption.

Every file and every view representation has its own unique key so that a single key can only be used with one file.

As of version 2.15, the keys are encrypted by a master encryption key (MEK) held by the Access service, so the keys at rest are themselves encrypted.

All file encryption is done using AES 256.
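
The key hierarchy described above (one key per file, each stored only in a form encrypted by the MEK), as an added Go sketch that is not Covata's code. The function names, the use of GCM as the AES-256 mode, and binding the file ID into the wrapped key are assumptions made for illustration; the page names only AES 256.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// mekAEAD builds AES-256-GCM from the MEK. GCM is an assumption: the page says only "AES 256".
func mekAEAD(mek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(mek)
	if err != nil || len(mek) != 32 {
		return nil, fmt.Errorf("MEK must be 32 bytes for AES-256, got %d", len(mek))
	}
	return cipher.NewGCM(block)
}

// NewFileKey makes a fresh 256-bit key for one file and wraps it under the MEK as nonce||ciphertext.
// fileID is bound in as associated data, so a wrapped key moved to another file's record will not unwrap.
func NewFileKey(mek []byte, fileID string) (key, wrapped []byte, err error) {
	g, err := mekAEAD(mek)
	if err != nil {
		return nil, nil, err
	}
	buf := make([]byte, 32+g.NonceSize())
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	key, nonce := buf[:32], buf[32:]
	return key, g.Seal(nonce, nonce, key, []byte(fileID)), nil
}

// UnwrapFileKey recovers a file key; it fails on a wrong MEK, a wrong fileID or tampering.
func UnwrapFileKey(mek []byte, fileID string, wrapped []byte) ([]byte, error) {
	g, err := mekAEAD(mek)
	if err != nil {
		return nil, err
	}
	if n := g.NonceSize(); len(wrapped) >= n {
		return g.Open(nil, wrapped[:n], wrapped[n:], []byte(fileID))
	}
	return nil, fmt.Errorf("wrapped key too short")
}

func main() {
	mek := make([]byte, 32) // constructed all-zero MEK, for this demo only
	_, wrapped, _ := NewFileKey(mek, "file-A")
	fmt.Println(UnwrapFileKey(mek, "file-B", wrapped)) // wrong file ID: authentication error
}
```

Only the wrapped value would be written to the key store; the plaintext file key exists in memory just long enough to encrypt or decrypt that one file.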