Document Encryption > Document Encryption

You are here: Document Encryption >Document Encryption - FAQ

The document encryption feature allows you to store documents added to a Globodox DB in an encrypted form.

The encryption feature ensures that documents cannot be opened for viewing or editing using Windows Explorer. Only users authenticated by Globodox can view the document or open it for editing, if they have the required permissions.

The document encryption feature works for any file type.

The currently available encryption algorithms supported by Globodox are AES, Blowfish and Triple-DES.

AES - Advanced Encryption Standard

AES is Advanced Encryption Standard, approved by Federal Information Processing Standard (FIPS-197). This standard specifies Rijndael as a FIPS-approved symmetric encryption algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information.

The AES algorithm is a symmetric block cipher, capable of using 128, 192, and 256 bit keys. AES is used widely both in the USA and internationally.

Blowfish

Blowfish is a symmetric block cipher that takes a variable-length key, from 32 bits to 448 bits. Blowfish was designed in 1993 by Bruce Schneier as a fast alternative to existing encryption algorithms. Since then it has been analyzed considerably, and it is slowly gaining acceptance as a strong encryption algorithm.

Triple DES

DES (Data Encryption Standard) is a symmetric block cipher developed by IBM. It was turned into a standard by the US National Institute of Standards and Technology (NIST), and was also adopted by several other governments worldwide. The algorithm uses a 56-bit key to encipher/decipher a 64-bit block of data. Triple-DES is a more secure variant of DES in which DES is applied three times.

The key strength specifies the length of the key phrase used to encrypt the document. Generally speaking, larger the key strength, more secure the encryption will be. A common form of attack to decrypt an encrypted document is the "brute force attack". Here the attacker simply tries all possible key phrases till the correct key phrase can be found. Even a small increase in the key length increases the number of possible key phrases exponentially. This greatly increases the difficulty for an attacker to "guess" the correct key phrase and thus decrypt the document

Depending on the algorithm Globodox supports the following key strengths...

•	AES 128 bit, 192 bit and 256 bit

•	Blowfish 128 bit

•	Triple-DES 192 bit

Just to give you an idea...

•	128 bits (i.e. 16 characters of text) corresponds to 3.4 x 1038 possible key combinations.

•	192 bits (i.e. 24 characters of text) corresponds to 6.2 x 1057 possible key combinations.

•	256 bits (i.e. 32 characters of text) corresponds to 1.1 x 1077 possible key combinations.

It would take a powerful machine to crack a 128-bit AES key.

The key phrase is the text that is used to encrypt the document. The document can only be decrypted when this text is supplied during decryption. If you forget or lose the key phrase then the document cannot be decrypted.

Globodox does not directly use the key phrase you enter to encrypt a document. Therefore you can type in a key phrase of any length and not necessarily something which is the same size as the key strength you have selected. Using a method known as hashing, Globodox generates a fixed length hash value of the key phrase you enter. This hash value (the length of which is the same as that required by the selected key strength) is used to encrypt the document. The hash value is what gets stored in the Globodox DB along with other details about the encryption. The actual key phrase you enter is never stored in the Globodox DB.

Since the encryption details are stored in the Globodox DB, as long as the Globodox DB is available you do not need to know the encryption details in order to decrypt a document using Globodox. If you forget or lose the key phrase you will still be able decrypt a document using Globodox as long as the Globodox DB is available.

However in the unlikely event of the Globodox DB being deleted or corrupted, the only way to decrypt and recover your documents would be if you could provide the key phrase used to encrypt the document.

Other encryption details (except for the key phrase or it's hash) are also stored inside the encrypted document. So if you can supply the key phrase, it will be possible to decrypt the document (even when the Globodox DB is not available) .

The encryption settings Globodox uses by default are AES 128 bit encryption with the default Globodox key phrase. These settings are referred to as Globodox Standard Encryption settings.

The document encryption feature can only be enabled if the Document Check In/Check Out feature has been enabled.

To enable document encryption for an existing Globodox DB...

In Globodox, click the Globodox button.
Click the Options button. The Options window will now be launched.
Click the DB Options node. The DB options will now be displayed on the right pane.
Check the Enable option of Encryption to enable the encryption feature.

Note: When you enable the document encryption feature for an existing Globodox DB, all documents currently added to the Globodox DB will not be automatically encrypted. They will stay in their decrypted form.

To disable the document encryption for an existing Globodox DB...

In Globodox, click the Globodox button.
Click the Options button. The Options window will now be launched.
Click the DB Options node. The DB options will now be displayed on the right pane.
Uncheck the Enable option of Encryption to disable the encryption feature.

To selectively encrypt a document using the default encryption settings of the Globodox DB...

Select that document in the List View pane.

Click the More drop down arrow and select the Encrypt option of the Home tab.

The document will be encrypted using the default encryption settings of the Globodox DB.

To selectively encrypt a document using non-default encryption settings...

Select that document in the List View pane.

Click More drop down arrow and select the Encrypt Using... option of the Home tab. The Encryption Settings Manager will now be launched.

If the encryption setting you want is available in the list then select it from the list and click the OK button.

If you want to create new encryption settings...

Click the Add button. This will launch the Encryption Settings window.

In the Encryption Settings Name box enter a name for the encryption settings.

From the Encryption Type drop-down list, choose the encryption algorithm you would like to use.

From the Key Strength drop-down list, choose the key strength you would like to use

If you would like to use the Globodox default encryption key phrase, then check the Use default encryption key phrase option.

If you would like to provide your own key phrase then uncheck the Use default encryption key phrase option and enter your key phrase in the Enter a key phrase for encrypting documents box.

Click the OK button to close the Encryption Settings window.

Click the OK button to close the Encryption Settings Manager window

The document will be encrypted using the newly specified encryption settings.

To decrypt a document...

Select that document in the List View pane.

Click the More drop down arrow and select the Decrypt option of the Home tab.

Please note that you do not need to enter any information while decrypting a document. This is because all the information required to decrypt the document is already stored in the Globodox DB. Since before opening the Globodox DB, a user would have already logged in and authenticated herself, there is no need for Globodox to ask for any other information before decrypting the document.