Environment
NSL 3.x
NSL6.x
Situation
Questions and answers about encryption with NSL:
Q - What encryption method is used
?
A- AES or triple DES is used (AES is only available in version 6
and above and requires datastore version 6.0). Please note AES is
not available on Win2k machines. This is a Microsoft
limitation.
Q - When is data encrypted (at what
point in the process) ?
A - When SecureLogin is starting for the first time. SecurLogin
also encrypts data when saving SSO data such as credentials,
application definitions, and SSO preferences.
Q - Where is it stored on the
workstation ?
A- SecureLogin data that is encrypted is stored in a cache file
that is stored on the workstation. The cache file location can
either reside in a custom location or the appdata folder under the
user profile
directory.
Q - Where is it stored in the
directory ?
A – On the PROT: SSO attributes of the user object
Q - How is it stored on the
workstation ?
A - SecureLogin stores the user's SSO data in a local cache file on
the workstation. Please note if SecureLogin is installed on a
Windows server, SecureLogin by default will not create/use cache
files.
A - How long does it remain on the
workstation ?
Q - This depends on what the cache expiry setting which is set on
each individual workstation.
Q - How many keys are used in the
encryption ?
A - Two keys.
Q - How can the credentials be
retrieved and decrypted ?
A - They can't, except by the SecureLogin client as it uses the
data.