Securing the External Key File

The encryption key used by PSCipher is stored in a key file named psvault. This file is critical to your system security. It is very important to protect this file using at least the concepts discussed in this section.

The key file should be secured and protected by your operating system with the appropriate file access permissions on all platforms. The recommended file access permissions are:

  • File ‘read’ access for only the administrators that need to run the PSCipher command-line utility to encrypt text.

  • File ‘read’ access for the only the administrators that need to start the application servers and web servers.

  • File ‘write’ access for only the administrators that need to run PSCipher –buildkey to create a new PSCipher key.

It will be a time-consuming task to recover your system if you accidentally damage or delete the key file. Therefore, it is important to save a backup of your key file. It is recommended that every time you build a new key that you backup your latest key file to a safe location.

Note: You only need to keep the latest version of your key file for your backup. The latest version contains a version history of previous keys.