An overview of document encryption and why DRM is needed for document control
What is document encryption?
Document encryption is the process by which documents are protected with cryptographic keys (a password, public key, token, etc.) so that only individuals with the corresponding decryption keys (the same password, private key, token, etc.) can open them. It is used to protect documents in transit (i.e. sent via email) and at rest (i.e. stored on a disk or in the cloud) from being accessed by unauthorized users.
Document encryption applications
Document encryption programs can either be standalone applications (like PGP, which encrypts any files and not just documents) or plugins to certain applications like MS-Word or Adobe Acrobat which enable documents to be encrypted when they are saved to disk. For further information on Adobe Acrobat encryption see PDF encryption and password security and Adobe LiveCycle Rights Management.
Not all document encryption is equal. Whilst most document encryption programs provide NIST approved AES 256 bit encryption they vary with their protection methods – some provide password protection, others use hardware tokens, whereas others provide public key technology (PKI). Each scheme has its own pros and cons – passwords can be given away (and are often weak and therefore easily broken), tokens have to be distributed and maintained, and public key technology has to have a management hierarchy.
Why encrypt documents?
According to some politicians, if you have nothing to be worried about then you don’t need encryption! Strange. Historically there were five groups of people who wanted encryption:
- Purveyors (traders)
- Princes (the military)
- Politicians (diplomats)
- Paramours (lovers)
Unlikely though it may seem, purveyors come out top of the list. The earliest preserved writings were sales manifests on baked clay tablets, and early cryptographic documents included a recipe for pottery glaze. So maybe trade is the most important thing of all? Consider – the famous Enigma machine was first used in commerce before being taken up by the military. So it is important to preserve commercial activity, and there is a lot more of that than all the others. It’s just so much less exciting.
So maybe you don’t need a lot of imagination to figure out that each group must have had information they want to share, but only with carefully selected people, and not always on the same basis for each recipient. And you can also figure out that they would want to be sure that the information did not get in the wrong hands, was not changed or misrepresented, and maybe could be denied if necessary. And that is just what document encryption provides.
Encryption is the most valuable tool supporting our commonest security requirements for Internet based transactions. SSL encryption is ubiquitous for protecting information as it races round the networks from tablet to bank to merchant, or to anywhere else for that matter. Because of that Internet trade is underpinned by something that makes it all tick.
Document encryption isn’t just useful – it’s the essential technology for securing documents in today’s society on the Internet.
But here’s the rub.