Home»Support»Frequently Asked Questions»Cryptographic Features of Centralpoint
  • Printer Friendly Version
  • Decrease Text SizeIncrease Text Size

Cryptographic Features of Centralpoint

Cryptographic Features of Centralpoint

Symmetric Encryption

  • Type
    • RijndaelManaged encryption with a 256 bit key.
    • The Key is generated from a base64 string stored in the Admin > Settings module. The maximum key size supported is 256 bit. Changing this key will invalidate any encrypted values already stored in the system.
  • Use Cases
    • Passing configuration data in web requests (query strings, form fields, or JSON).
    • Credentials stored in scheduled tasks like Data Update.
    • Credentials stored in modules like Retention Policies, Email Access, Global Login, Forms, Ecommerce.
    • User authentication token cookies used for the Web API and Word Add-In.
    • PDF Passwords stored in session state for file output.
    • FormState CpScripts can be used to encrypt data passed into the system using Forms Management.
    • Credit card information stored in Ecommerce Billing when enabled.

Password Hashing

  • Type
    • Passwords entered in version 8.9.14 or later are hashed using Rfc2898DeriveBytes. This implements password-based key derivation functionality, PBKDF2, using a pseudo-random number generated based on HMACSHA1. The hash is generated using a 32 character salt and 10,000 iterations.
    • Passwords entered prior to version 8.9.14 may still exist and were combined with a 10 character random salt and hashed using the SHA1CryptoServiceProvider. This computes the SHA1 hash for the password and salt using the managed library. These passwords will be updated the next time the user logs in.
  • Use Cases
    • Master > Admin > Users
    • Site Architecture > Administrators
    • Members
    • Master & Client Console Logins
    • Web site authentication via Site Architecture > Administrators or Members. This does not apply to front end authentication non-Centralpoint global logins.
    • Verify that values passed to the system were not modified during transmission.

Machine Keys

  • Type
    • Defaults to HMACSHA256.
    • Managed in the Admin > Settings module.
  • Use Cases
    • Message Authentication Code (MAC) Operations
    • View State Validation
    • Session State Isolation

Data Transmission (HTTPS)

  • All sites and consoles support HTTPS.
  • Consoles can require HTTPS using Admin > Properties > Console Requires Secure Channel.
  • Web sites can force HTTPS using Admin > Friendly URLs.
  • SSL or TLS security must be configured manually in IIS.
  • HTTPS can be added to all web service communication using Admin > Settings.

Transparent Data Encryption (TDE)

  • SQL Server TDE can be used to encrypt data in the database at rest.
  • This must be configured manually at the database level.