We currently have a need for two encryption contexts in our HR application.

One covers all the users of that application, the second covers a certain group within those users, so this group has two contexts of which to choose.

The reason for the second is to allow the attachment of sensitive documentation above and beyond what is normally encrypted in certain fields on the incident.

What I would like to do is always default to the general context so that they must choose the higher level each time they excrypt an attachment.

The higher level would only be used for attachments.

What I am trying to avoid is for them to have their context set to the higher level without knowing it and encrypting one of the fields that the other context must see.

i.e. They encrypt a document to the more secure context and then fill in an encrypted field which if they are the first to enter data, would be encrypted under the more secure context and be unavailable to the other groups with the lower context.