Types of ciphers
On the Data Encryption tab, you select the type of encryption to use in your application to encrypt and decrypt passwords, properties, and BLOBs.
Access this tab by clicking
The following options are available:
- Platform cipher – The platform cipher uses the AES-256 cryptographic algorithm to encrypt and decrypt sensitive case data in your application. You need to use your own Customer Master Key (CMK), managed by your private Amazon Web Services Key Management Service (AWS KMS). The keys stored in AWS KMS support time-based and on-demand data key rotations. You do not need to create any custom cipher code for this encryption option. One platform cipher can be shared by multiple tenants.
  CAUTION: When changing the AWS KMS keystore, you must activate the new keystore before you delete or disable the currently active Customer Master Key.
- Custom cipher – If the platform cipher does not suit your company's needs, you can choose to use a custom cipher. To use this encryption type in your application, you need to create your own custom encryption cipher. For more information, see the Pega Community article Creating a custom cipher in Pega Platform.
You can switch between the platform cipher and a custom cipher at any time to change the encryption type for your application. However, to decrypt previously encrypted data, Pega Platform uses the custom cipher settings or the AWS KMS encryption keys, depending on which type of cipher you have chosen. Therefore, when you switch between cipher types, do not delete the custom cipher settings or the AWS KMS encryption keys.