How are files encrypted?
- Updated On 19 Oct 2020
- 1 Minute To Read
SecureCircle utilizes the OpenSSL toolkit to encrypt files using AES 256-bit encryption keys. Session traffic is secured using TLS with 2048 - bit encryption keys. SecureCircle's encryption is based on our patented technology which created a Portable Encrypting File System (PEFS) which represents itself as a file to the operating system. Applications are unaware there is any difference between an unprotected file and a SecureCircle protected file. SecureCircle Data Access Security Broker (DASB) will broker all access control and permissions between the user, device, process/application, and network and the underlying file system. When an unprotected file is selected for protection, the SecureCircle client/agent will transfer the original file to the new PEFS in real-time. The PEFS is presented as the original file to the operating system.
- The contents of the file are migrated into the PEFS for protection. Each file becomes its own PEFS with its own encryption key.
- The PEFS remains encrypted at all times: at rest, in transit, and in use.
The SecureCircle client/agent monitors each request to the PEFS and ensures the device, users, application process, network, etc. are allowed to access the content.
The PEFS decrypts the requested portion of the file and sends the requested information to the operating system memory for the application to utilize.
The original unprotected file and the protected file/PEFS have the same MD5 checksum. The host operating system and applications can't tell the difference between the original file and the protected version. (Assuming permission is granted to the application to see the contents.) This allows SecureCircle to work transparently with any application. Only unauthorized access will see permission errors or operating system errors that say the file looks like a corrupt file. The file is actually not corrupt, but the operating system is not allowed to read the data.
- The PEFS does actually grow in size compared to the original file. This PEFS contains new metadata to identify itself.