Using customer supplied keys with Column Level Encryption Enterprise
You can use your own customer-supplied key instead of using the ServiceNow® system-generated keys.
重要:
These topics only apply instances using Column Level Encryption Enterprise, which is only available with the com.glide.now.platform.encryption plugin. See Activate Column Level Encryption Enterprise for more information on obtaining this plugin.
With Column Level Encryption Enterprise you can use your own keys for encryption. Administrators have the choice to use ServiceNow® supplied keys or your own customer-supplied keys (CSK) for encryption on the ServiceNow AI Platform.
重要:
To make use of the customer supplied key option, you must have your own cryptographic key.
Once you have your key, you can being using it on your instances by following these steps.
- 1. Configure properties for customer-supplied keys
- There are three system properties which define the size, padding algorithm, and validity period of the wrapping RSA key pair. Review these properties and adjust their values if the defaults to not fit your needs.
- 2. Wrap your customer-supplied key
- Use a cryptographic tool to wrap your key like OpenSSL to wrap the symmetric key to use for encryption with the downloaded public key.
- Configure and upload your customer supplied key
- Upload your wrapped your customer supplied key and configure cryptographic module to begin using your key for encryption on your instance.