Encryption

Instance Encryption Key

The first time a Percussion CMS instance is started a new AES-GCM 256-bit encryption key unique to the instance is generated in the <InstallDir>/rxconfig/secure/.key location on the server.  This key is then used in all encryption operations going forward.  

Understanding Key Usage

The instance key is used during an internal operation that require encryption of sensitive data, like passwords, tokens , or access keys.  The key is also used to pass encrypted data to the DTS in the case for Form, Directory, or RSS widgets. 

Stand Alone DTS Installations

When the DTS is installed on a web server, different directory, or server than the CMS installation.  The secure directory and it's contents should be copied from:

<CMSInstallDir>/rxconfig/secure

to 

<DTSInstallDir>/rxconfig/secure

This ensures that the CMS and DTS are using the same Encryption and can successfully pass encrypted data between the applications.