How does encryption work?

Each encrypted file is encrypted with a randomly generated key called Data Encryption Key (DEK) using algorithm AES-256. This randomly generated and unique DEK is encrypted and stored as a file header together with the encrypted file, increasing the original file size by 4 KB.

The DEK is encrypted with a Key Encryption Key (KEK). This KEK is stored in the central SafeGuard Enterprise database. It will be assigned by the security officer to a single user, to groups or to organizational units.

To decrypt an encrypted file, the user must have the KEK specific to this file in their key ring.