User authentication to log in to SDMC is different depending on whether the user is internal or external, and whether you use SDS for C&M in external key management mode.
Internal users enter their e-mail addresses and passwords on SDS for C&M Encryption Portal, which sends them to the SDMC server. Passwords are sent via an SHA256 hash. SDMC checks the user’s credentials, so the user can request the keystore. After verifying authorizations, SDMC makes the keystore available to the user. Once connected, the user can protect or decrypt files.
Every time external users log on to SDS for C&M Encryption Portal with their e-mail addresses, they receive a unique access code that remains valid for two hours and is deleted after use. This code allows users to authenticate and retrieve the keystore they need to decrypt the file.
If you use SDS for C&M in external key management mode (PKI), SDS for C&M never stores the private key in the keystore of the SDMC server, and never publishes the associated public key. Users can connect to SDS for C&M Encryption Portal but cannot protect files or decrypt them there. They must do so via the SDS for C&M client because the keys are located on each end user’s device.
However, if a file is protected for a user in PKI mode via SDS for C&M Encryption Portal, this user will hold the external keys that SDS for C&M Encryption Portal generates, and will be able to decrypt the file.
External keys are associated with the user’s e-mail address. If the user’s account is deleted, the external keys will be kept and can be retrieved after a new account associated with this e-mail address is created.