Encrypting Properties and BLOBs
PRPC 5.3 enhances the security of your work data with the addition of two new features:
In both cases you must provide your own cipher algorithm. Out of the box, PRPC contains a sample algorithm but it is NOT meant for production use. The class com.pega.pegarules.crypto.PRCipherSampleBF can be used for testing this functionality, but you must create an appropriate cipher for production use. Instructions on building a cipher can be found under the help topic Working with the PegaRULES Database — How to Encrypt the Storage Streams of Selected Classes.
To set up PRPC for encryption, you must update the prconfig.xml on each node. After updating, you must restart your PRPC application.
Encrypting the Blob
To set the encryption for the entire work object stream, click the “Encrypt BLOB” checkbox on the Rule-Obj-Class definition of the work object you wish to encrypt.
Note: Once instances of this class exist, you are unable to change this value. An encrypted Blob shows the entire blob decrypted on the clipboard.
To set an individual property as encrypted, set the property’s type to TextEncrypted and the HTML property to ShowTextEncryptedPropertyValue. You must also create a rule access When to determine when the value can be shown in clear text. This is useful in allowing certain users to see the value in clear text while masking the value for other users.
Encrypted properties are displayed as asterisks and the values are encrypted directly on the clipboard. As mentioned previously, an encrypted Blob shows the entire blob decrypted on the clipboard.
Some additional notes on encryption: