APIs by Example: Cryptographic Services APIs, Part 5

This installment of APIs by Example focuses on the tools required to create and remove data encryption keys: the Create Data Encryption Key (CRTDTAK) and Remove Data Encryption Key (RMVDTAK) commands, respectively. As its name suggests, the data encryption key is the cipher key used to perform the actual encryption of the cleartext string.

In the next installment of this series, I will show you how to use functions (which I’ll be providing) to successfully complete the cleartext encryption and ciphertext decryption process, using a data encryption key.

For now, I’ll continue with a very important warning concerning data encryption keys: Removing or destroying a data encryption key also removes your access to any data encrypted with it. Consequently, if you cannot restore the data encryption key, you cannot restore your access to the encrypted data. A secure backup policy for the key store is therefore mandatory.

Download the save file containing the source code.
