Validating encryption keys
When a user moves a key from the Available Keys list to the Permitted Keys list, Trust Protection Platform encrypts sample data with the key, then stores the encrypted information in the Trust Protection Platform database. Every Permitted Key is associated with one piece of encrypted test data.
The encrypted test data is used at start-up to verify that the key is valid. Trust Protection Platform first uses the key to decrypt the test data, then compares the result with the original sample. If the two do not match, the key fails the validation test: Trust Protection Platform logs an error to the local Windows system event log and shuts down.
NOTE If an encryption key is not valid, the error message logged to the local Windows system event log is “Encryption key 'driver_name:key_name' is not valid.”
The validation process is also repeated anytime a user clicks the Test & Load Keys option or saves changes in an Encryption Driver object.
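The two halves of the check described above (encrypt a sample when a key is permitted, decrypt and compare at start-up) are easy to get wrong, so here is a worked version. This is an added example, not Trust Protection Platform's own code: the page does not name the cipher, so AES-256-GCM from the Go standard library is assumed, the sample plaintext is a constructed constant, and binding the stored record to the "driver_name:key_name" identifier through the GCM associated data is this example's design choice. The error text mirrors the event-log message quoted in the note.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
	"io"
)

// ValidationRecord is the per-Permitted-Key test data that would be persisted:
// the nonce and the ciphertext of the sample. The plaintext sample itself is
// kept separately so start-up can compare against it.
type ValidationRecord struct {
	KeyID      string // "driver_name:key_name", as used in the log message
	Nonce      []byte
	Ciphertext []byte
}

// Constructed sample plaintext (assumption: the product's real sample is not documented).
var validationSample = []byte("constructed validation sample - not the product's own")

// newGCM builds an AES-GCM AEAD from a raw key (assumption: AES-GCM is the cipher).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16/24/32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// PermitKey mirrors moving a key into the Permitted Keys list: the sample is
// encrypted under the key and the result is what gets stored in the database.
func PermitKey(keyID string, key []byte) (ValidationRecord, error) {
	aead, err := newGCM(key)
	if err != nil {
		return ValidationRecord{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return ValidationRecord{}, err
	}
	// The key identifier is bound as associated data (example's choice), so a
	// record copied under another key name will not validate.
	ct := aead.Seal(nil, nonce, validationSample, []byte(keyID))
	return ValidationRecord{KeyID: keyID, Nonce: nonce, Ciphertext: ct}, nil
}

// ValidateKey mirrors the start-up check: decrypt the stored test data with the
// key and compare it to the original sample. A nil error means the key is valid.
func ValidateKey(rec ValidationRecord, key []byte) error {
	aead, err := newGCM(key)
	if err != nil {
		return fmt.Errorf("Encryption key '%s' is not valid: %w", rec.KeyID, err)
	}
	pt, err := aead.Open(nil, rec.Nonce, rec.Ciphertext, []byte(rec.KeyID))
	// GCM already fails on a wrong key or tampered ciphertext; the explicit
	// comparison is kept because that is the check the page describes.
	if err != nil || subtle.ConstantTimeCompare(pt, validationSample) != 1 {
		return fmt.Errorf("Encryption key '%s' is not valid", rec.KeyID)
	}
	return nil
}

func main() {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	rec, err := PermitKey("example_driver:example_key", key)
	if err != nil {
		panic(err)
	}
	fmt.Println("same key:     ", ValidateKey(rec, key))   // <nil>
	rotated := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, rotated); err != nil {
		panic(err)
	}
	fmt.Println("different key:", ValidateKey(rec, rotated)) // not valid
}
```

The "different key" case is the one that matters operationally: if a key in the external store is rotated or replaced without the Permitted Keys list being updated, the stored test data no longer decrypts to the sample, which is exactly the condition that produces the event-log error and the shutdown described above.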