You are viewing limited content. For full access, please sign in.

Question

Question

Decrypting volumes - password prompt?

Laserfiche Security
Updated June 28, 2018
asked on May 2, 2017

I've been looking at the volume encryption and decryption and wanted to clarify a specific behaviour.

If I encrypt a volume then it seems I am (and any other user with sufficient rights) able to perform the decryption without being prompted to enter the encryption password. This is true until the point the Laserfiche Server service is restarted, after which time you are challenged for the encryption password as the volume is in a secured state. 

I can understand why this may be the case but to some it may seem undesirable that an admin user can decrypt a volume without providing the encryption password? Assume this isn't an oversight but curious to know what the reasoning is as the behaviour didn't match my, or the customers expectations.

1 0

Answer

SELECTED ANSWER
replied on May 2, 2017

Volume encryption is intended to protect the volume data when it is at rest. Once the volume has been unsecured, it is "live" and anyone with read access to the volume can access it. We reasoned that at that point, anyone with administrative privileges should be able to decrypt the volume because they could also read/write data in the volume without requiring the password.

3 0

Replies

replied on May 2, 2017 Show version history

Hi Nigel,

This is the difference between an encrypted and secured volume. The volume is in a secured state following system start-up in order to prevent unauthorized access in the case that someone, say, got ahold of backups and is accessing through Laserfiche directly. In that case, all actions that would involve being able to view the contents require the password. In the unsecured state it's more a precaution for people trying to access the document behind Laserfiche's back. In that case the files in the file system are encrypted, but all normal operations within Laserfiche are based solely on administrative rights and privileges. 

https://www.laserfiche.com/support/webhelp/Laserfiche/10/en-US/administration/#../Subsystems/LFAdmin/Content/Encrypted_Secured_Volumes.htm and https://www.laserfiche.com/support/webhelp/Laserfiche/10/en-US/administration/#../Subsystems/LFAdmin/Content/Why_Encrypted_Secured_Volumes.htm has more information in general. 

2 0
replied on June 28, 2018 Show version history

Hi Justin,

Is it possible to turn off the secure locking / encryption if you have full admin rights without having the volume unlock password?

Is there any possibility of the files being unreadable after removing the encryption without a password?

many thanks

0 0
replied on June 28, 2018

There is no way to disable or remove encryption without the volume unlock password. 

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...