long term preservation and encryption (TCS)

saavedra

Hi all,

We are about to propose Trusted Content Services to one client in order to encrypt the documentation of the DCTM repository. As far as we know, the file encryption is not mandatory for LOPD (Spanish Law of Protection of Personal Data), but it reinforces the security.

Then, we have realiced that we need long term preservation of documents by law (they are government documents) and we think document encryption goes against long term preservation (because the encryption software or algorithm could change/dissapear...).

So, somebody have been in this situation? Could we somehow accomplish long term preservation using file encryption too?

Regards,

Ivan S.

bacham2

I don't see why encryption would go against long-term preservation. As long as you are able to decrypt the content, there is no problem. Long-term preservation is more about the file formats that you are using and possibly the medium you are using.

What is your purpose for encrypting the content stored in the repository? It will protect you from sysadmin trying to read the content directly via the operating system (e.g. Unix shell) but it will not protect you against Documentum superusers (who could simply issue a getfile command to get the decrypted content). That might be ok for you but you need to be clear about what threat you are trying to thwart.