Importing encryption keys

WARNING
This section applies to the “External PKI” usage mode only.

If you use a PKI solution, SDS Encryption Portal allows you to use the keys generated by your solution for encryption and decryption operations on the portal, between users of the same tenant.

When users first log on to SDS Encryption Portal, they can import their private key/certificate pair in .p12 format.

If your organization also uses the Stormshield Data Security solution, using the same keys for SDS Encryption Portal and for Stormshield Data Security ensures interoperability between the two solutions. The same files can be encrypted or decrypted either from SDS Encryption Portal or from Stormshield Data Security.

To import the keys into the portal, instruct your users as follows:

  1. Go to SDS Encryption Portal and log in.
  2. Click on Profile Icon in the upper right corner, and select Import a .p12 file.
    The .p12 file must contain:
    • a single private key and certificate,
    • The attribute E corresponding to the user's e-mail address.
  3. Import the file and enter its password.
    The private key is securely stored in the “IndexedDB” section of the Web browser, and the certificate is published in the tenant database.

The following principles must be observed:

  • If a user does not import their encryption keys the first time they log on to the portal, keys are generated on the fly and stored by the portal. In this case, interoperability with the Stormshield Data Security solution is not possible. If you ultimately want the user to use their own encryption keys, please contact your Stormshield sales representative.

  • If a user wants to log on to the portal from another browser or device, they will need to import their encryption keys again.

  • If the private key or certificate is changed, the user can re-import their keys by following the same procedure. The new .p12 file replaces the previous one.

  • Once a user has imported their encryption keys into the portal via a browser, if a different user uses the same browser to logo on to the portal, the private key stored by the browser is automatically deleted. The new user can then import their encryption keys.