Security is a key element to manage your Qlik Sense environment. Security rules, hidden content, section access…. These are few of the methods you may use to limit the access to the data from the front end. Yet, what about the QVD files stored on your server whose content can be visualized (altered) simply by opening them?
Did you know that Qlik Sense now allows you to protect your sensible files by encrypting them?
Did you know that Qlik Sense now allows you to protect your sensible files by encrypting them?
The encryption capacity was first introduced for Qlik Sense Enterprises for Windows in September 2019 and is directly available via QMC since November 2019. This capacity applies to both QVD (Data) and QVF (Application) files.
How does it work?
Qlik Sense Engine can encrypt the QVDs and QVFs via a Data Encryption Key (DEK) which is generated by another certificate-based Key Encryption Key (KEK). Each encrypted file has a unique DEK that is stored in the QVD/QVF. The KEK is both private and public: the public key will be used to encrypt the data while the private key has the ability to decrypt them. The encryption algorithm is an industry standard: AES-256 GCM (see: https://en.wikipedia.org/wiki/Galois/Counter_Mode).
Keys are stored in a Microsoft Cryptography Next Generation (CNG) Key Storage Provider and certificates are stored in a Windows Certificate Store. Please note that the certificates must be accessible by the user running the engine. In the QMC, the encryption ability must be allowed and the certificate thumbprint must be specified. As the KED is never reused, if a given file is corrupted, the other ones remain protected.
A few key points :
Minimum version: