Encryption

Blue Prism Interact uses the following encryption methods. Each entry names the algorithm and describes where it is used:

Traffic encryption

HTTPS-only communication is enabled for production. Customers must provide TLS certificates for all web applications, and all communication channels must be secured.

For more information about configuring certificates, see the web server.

Data protection

The Hub installer generates a PFX certificate and saves it to Trusted Root Certificate Authorities. All applications use it to encrypt sensitive data, such as connection strings in the appsettings.json file.

Data protection uses the following default algorithms:

  • Encryption algorithm: AES-256-CBC
  • Validation algorithm: HMACSHA256

The key size is 2048 bit.

JWT token signing

The Hub installer generates a PFX certificate and saves it to Trusted Root Certificate Authorities. The Identity Server uses it to sign the JWT token and to validate the license file.

The JWT token is signed with the RSA-SHA-256 algorithm using a 2048-bit key.

Authentication Server

This is the authorization server: users log in via the Authentication Server, which determines the components they can access.

The authentication server uses SHA-256 to hash the client secret and client ID.

Password Storage

The AspNetIdentity library is used for password hashing and uses the following algorithms:

  • PBKDF2 with HMAC-SHA256
  • 128-bit salt
  • 256-bit subkey
  • 10,000 iterations
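The following added example (not Blue Prism's or ASP.NET's own code) shows what those four parameters mean in practice: it derives a PBKDF2-HMAC-SHA256 hash with a 128-bit salt, 256-bit subkey and 10,000 iterations, verifies a password against it in constant time, and audits a stored hash to confirm it still meets these parameters. The byte layout assumed here (version byte 0x01, then big-endian PRF id, iteration count and salt length, followed by salt and subkey, all Base64-encoded) is the ASP.NET Core Identity V3 format; the `meets_policy` helper is this example's own addition.

```python
import base64
import hashlib
import hmac
import os
import struct
from typing import Optional

# Parameters as stated on this page (the AspNetIdentity defaults).
PRF_HMACSHA256 = 1   # KeyDerivationPrf.HMACSHA256 in the assumed V3 header
ITERATIONS = 10_000
SALT_BYTES = 16      # 128-bit salt
SUBKEY_BYTES = 32    # 256-bit subkey


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a Base64 hash in the assumed V3 layout:
    0x01 | prf (4B BE) | iterations (4B BE) | salt len (4B BE) | salt | subkey."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    subkey = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations, SUBKEY_BYTES)
    header = b"\x01" + struct.pack(">III", PRF_HMACSHA256, iterations, len(salt))
    return base64.b64encode(header + salt + subkey).decode("ascii")


def parse_hash(stored: str) -> dict:
    """Split a stored hash into its parameters; raises on an unknown version."""
    raw = base64.b64decode(stored)
    if raw[0] != 0x01:
        raise ValueError("unsupported password hash format version")
    prf, iterations, salt_len = struct.unpack(">III", raw[1:13])
    return {"prf": prf, "iterations": iterations,
            "salt": raw[13:13 + salt_len], "subkey": raw[13 + salt_len:]}


def verify_password(stored: str, password: str) -> bool:
    """Re-derive the subkey with the parameters embedded in the stored hash
    and compare in constant time, so timing does not leak the match point."""
    p = parse_hash(stored)
    if p["prf"] != PRF_HMACSHA256:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    p["salt"], p["iterations"], len(p["subkey"]))
    return hmac.compare_digest(candidate, p["subkey"])


def meets_policy(stored: str) -> bool:
    """Audit helper: does a stored hash use at least the parameters above?"""
    p = parse_hash(stored)
    return (p["prf"] == PRF_HMACSHA256 and p["iterations"] >= ITERATIONS
            and len(p["salt"]) >= SALT_BYTES and len(p["subkey"]) >= SUBKEY_BYTES)
```

Because the iteration count is stored inside each hash, `verify_password` still accepts an older, weaker hash; `meets_policy` is what flags it for re-hashing at next login.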

The license key is encrypted by the RSA-SHA-512 algorithm.

Database encryption can be provided by the Microsoft encryption mechanism (Transparent Data Encryption, TDE) but must be implemented manually on each database. For more information, see docs.microsoft.com.

TLS defaults to the host operating system's configuration for both TCP and HTTP communications, selecting the best available security protocol and version. The available protocols and ciphers are managed by the end user or updated automatically through Microsoft security updates.