Secure Data Storage
EDS encrypts sensitive data, such as passwords and secure parameters, before it writes the data to storage.
To encrypt and decrypt the stored sensitive data, EDS uses the same encryption key that the domain uses. You must keep the encryption key file and the keyword for the encryption key in a secure location.
To encrypt and decrypt sensitive data that is stored, EDS performs the following types of encryption:
- Encryption of the secure entity fields in the storage. To store the secure fields, the Administrator Daemon uses the infakeystore.jks and infatruststore.jks SSL certificates that the domain provides.
- Encryption of secure data sent over the UM communication channel. Because SSL is not supported over UM communication, the Administrator tool uses a key to secure the data that it sends to the Administrator Daemon over the UM communication channel. The key is generated in memory and is valid only until the Administrator Daemon receives the data securely and decrypts it.