Cloud Storage Encryption rule set
The Cloud Storage Encryption rule set is a library rule set for encrypting and decrypting data that is uploaded to and downloaded from cloud storage services.
| Library rule set – Cloud Storage Encryption |
|---|
| Criteria – Always |
| Cycles – Requests (and IM), Responses |
The rule set contains the following rules.
| Rule Name | Rule | Description |
|---|---|---|
|
Set encryption password |
Always –> Continue – Set User-Defined.Encryption Password = "webgateway" | The rule uses an event to set the default password for Web Gateway as the password that is used when data is encrypted. |
|
Enable encryption |
CloudEncryption.IsEncryptionSupported<Default> equals true –> Continue – CloudEncryption.Encrypt(User-Defined.Encryption Password)<Default> |
The rule uses the CloudEncryption.IsEncryptionSupported property to check whether encryption of data can be performed. If this is the case, an event is used to perform the encryption. |
|
Enable decryption |
CloudEncryption.IsDecryptionSupported<Default> equals true –> Continue – CloudEncryption.Decrypt(User-Defined.Encryption Password)<Default> |
The rule uses the CloudEncryption.IsDecryptionSupported property to check whether decryption of data can be performed. If this is the case, an event is used to perform the decryption. |
|
Fix content type after decryption |
CloudEncryption.IsDecryptionSupported<Default> equals true –> Continue – MediaType.Header.FixContentType | The rule uses the CloudEncryption.IsDecryptionSupported property to check whether a decryption of cloud storage data was performed. If this is the case, an event is used to modify the Content-Type field in the header of the response that was sent to deliver the data to Web Gateway. Cloud storage services set this field by default to application/ octet-stream, as they are not able to recognize real media types when data is encrypted. The MediaType.Header.FixContentType event sets the field to a value for a real media type.set to the value This rule fixes the issue that cloud storage services set this field by default to application/octet-stream, as they cannot recognize different media types when data is encrypted. The MediaType.Header.FixContentType event sets the field to a value for the real media type. The rule is not enabled by default. |
|
Log encryption password |
CloudEncryption.IsEncryptionSupported<Default> equals true –> Continue – Set User-Defined.encrypt-log.= DateTime.ToGMTString + ", User: " + Authentication.UserName + ", IP: " + IP.ToString (Client.IP) + ", Service: " + CloudEncryption.ServiceName + ", Cipher: " + CloudEncryption.CipherName<Default> + ", Password: " + User-Defined.EncryptionPassword FileSystemLogging.WriteLogEntry (User-Defined.encrypt-log)<Encryption Log> |
The rule uses an event to create a log entry for an encryption. A second event is used to write this entry into the log called Encryption Log, which is specified by the event settings. Since data is written into the log in encrypted format, you need a password to access it (default password: webgateway). The rule is not enabled by default. |