Key Context

Key Context is coined as follows:

{Key Ring Id}-{Key Id)-{Key Version}

Example: BigPortfolio-BigApplication-1.0

Key Ring Id - Refers to the Department and Enterprise Area that owns the data being encrypted

Key Id - Refers to the Application within the Department that owns the data being encrypted

Key Version - Version number of the key

CIpherWorks has a one-to-one relationship between KeyContext and Encryption keys. The Key Context that is passed to the decryption service should be the same Key Context that was passed to the encryption service. If not, the decrypted value will not match the original value.

Typically one Key Ring Id is sufficient for most organizations. But different applications can use different Key Id, if these applications can not access eath others sensitive data. If a data that is encrypted in one application needs to be decrypted in another application then these two applications needs to have the same Key Id. In a large organization it is possible that the data is shared across applications and hence the entire enterprise may use a single Key Id. Enterprises can create new versions of the key after certain periods of time.