Key Encryption Key Rotation - Encrypted Alpha Keywords - Foundation 23.1 - Foundation 23.1 - Ready - OnBase - Premier - external - Standard - Essential - Premier - Standard - Essential

Encrypted Alpha Keywords

Platform
OnBase
Product
Encrypted Alpha Keywords
Release
Foundation 23.1
License
Premier
Standard
Essential

The Key Encryption Key (KEK) used by OnBase is stored in two pieces. One piece is encrypted and stored in the OnBase database. The other piece is encrypted and stored in the OnBase Client and Configuration executables.

For OnBase Core Services modules, which include the Web Client and modules dependent on the OnBase Application Server, the second piece is also encrypted and stored in Hyland.Core.GrabIcon.dll, which is included with the OnBase Core files.

Note:

If OnBase Core Services modules are part of your OnBase solution, you cannot rotate the KEK without contacting your solution provider to obtain the GrabIcon.NET.exe file used in this process.

Note:

The GrabIcon.NET.exe executable requires Microsoft .NET Framework 4.8 or later to be installed.

You can rotate, or change, the second piece of the KEK as a security measure against outside forces (e.g., separated employees, social engineering). The concept is similar to changing a password. When you rotate the KEK, OnBase changes the piece that is stored in the OnBase software, generates new Client and Configuration executables, and creates a new copy of Hyland.Core.GrabIcon.dll. These files contain the new KEK piece.