Encryption Key Data
To access this page in SOLO Server, click the Configure / Products menu then use the Actions dropdown and click View Encryption Key Data.
Many of the SOLO Server XML web services require data to be encrypted and digitally signed. Additionally, Protection PLUS 5 SDK relies on data encrypted and signed by SOLO Server to secure its license files and its web service calls. If your application integrates with any of these web services, or uses Protection PLUS APIs that require encryption key data, this page provides the data your application needs.
Regardless of the format used, you should make a reasonable attempt to hide any and all key/envelope data in your application. To do this, you may use techniques such as (but not limited to) storing the data as a byte array in code, and breaking it up into several pieces/chunks spread throughout different areas of your source code. Doing this will help prevent hackers from easily viewing your key just by opening your .EXE file, and is especially important when using writable/self-signed license files with Protection PLUS 5 SDK.
Additionally, if your application is written in .NET, the use of an obfuscation utility is strongly recommended! These utilities typically help hide and encrypt this sensitive data.
Envelope
If you are using Protection PLUS 5 SDK version 5.12.1.0 or later, then your application should use the Envelope format. This format provides an extra level of convenience by bundling the raw data needed into a single blob format, and provides extra security since it is digitally signed and encrypted by SOLO Server. (This helps protect your application against key-substitution attacks.) Each time you visit this page, a new envelope is generated using a new, random encryption key. You may revisit the page for new envelopes to use in new applications, or in new versions of the same application. Generating a new envelope will not break compatibility with older applications that use previously generated envelope data. Your application will need to know both the Envelope and its corresponding Envelope Key to use the data stored in the envelope correctly.
If you are using Protection PLUS 5 SDK version 5.21.4.0 or later, it is recommended to use the Envelope containing the 4096-bit encryption keys. Encryption and decryption using the larger key size has little increase in processing time due to a combination of symmetrical and asymmetrical encryption being utilized.
When using Volume licenses or Downloadable licenses along with 4096-bit keys, you will need to set the key size on the SOLO Server Product, otherwise SOLO Server defaults to the 1024-bit keys to encrypt the license data. Setting the key size is not necessary when using any web service endpoints as SOLO Server will determine the encryption key size based on the incoming request data.
Raw Key Data
If you are using an API which does not support the Envelope format (such as versions of Protection PLUS older than 5.12.1.0, Instant Protection PLUS 3, the Automation Client or Client Services libraries, etc...), then your application will require the raw key data, which includes the Encryption Key ID, Server Key, and Client Key. If your application is written in .NET, you will need to use the CSP blob formatted Client Key and Server Key; otherwise, you should use the XML formatted data instead.
Security Requirements
The Require Encryption and Require Signature fields typically always show True, and cannot be changed in SOLO Server's web interface for security reasons. However, if you encounter a circumstance where any of these requirements need to be made optional (such as government, military, or export requirements or restrictions), please submit a ticket with your request.