Enabling Content Encryption

This topic contains the following information:

Overview of Enabling Content Encryption
Enabling Content Encryption in PrizmDoc Server via the Central Configuration File
Enabling Content Encryption in PrizmDoc Server via ViewingSession Property
Enabling Content Encryption in the Viewing Client
Disabling Content Encryption in the PrizmDoc Server via the Central Configuration File
Disabling Content Encryption in the Viewing Client

The goal of content encryption is to provide an obscured transfer of data from the PrizmDoc Server to the Viewing Client website, preventing unauthorized agents to discern the content being transmitted. Additional security can be enabled by configuring the Viewing Client and server to communicate over the Secured Socket Layer (SSL), https protocol, rather than standard non-secure http protocol. In cases where this is not viable or enough protection, the content encryption adds a strong measure of privacy to the document content. When content encryption is enabled, the web data images and document text strings sent to the Viewing Client will be encrypted and then decrypted by the Viewing Client.

This feature is not supported in IE8.

Overview of Enabling Content Encryption

Content encryption must be enabled in the Viewing Client and in the PrizmDoc Server; it is disabled by default. Enabling content encryption in the Viewing Client is straightforward and performed by an option passed to the Viewing Client constructor or jQuery plugin. This process is documented below.

There are two options for enabling content encryption on the server:

Enable content encryption via the central configuration file (prizm-services-config.yml - located in the top-level of the installation directory): this enables content encryption for all viewing sessions.
Toggle (enable or disable) content encryption via viewing session property: this enables or disables content encryption per viewing session, overriding the option set in the central configuration file.

These options are both documented below.

For the security conscious, toggling content encryption per viewing session is not permitted in the out of box product configuration. It must be explicitly allowed via the ServiceHost pcc.config file.

Finally, it’s important to note it must be enabled or disabled on both the Viewing Client and server, or unexpected behavior will occur. If encryption is enabled on the server but not for the Viewing Client, then the content will not be rendered correctly. If encryption is enabled for the Viewing Client but not on the server, then the content will not be encrypted during transit, however, it will be rendered correctly in the Viewing Client.

In summary:

Content encryption is disabled out of the box.
It must be enabled in the Viewing Client and PrizmDoc Server.
It can be enabled or disabled on the server via the central configuration file.
If permitted, enabling or disabling content encryption can be overridden when creating a viewing session.

Enabling Content Encryption in PrizmDoc Server via the Central Configuration File

To enable Content Encryption follow the steps below:

Open the central configuration file, prizm-services-config.yml in your favorite editor. The prizm-services-config.yml file is located in the top-level of the installation directory.
Find the viewing.contentEncryption.enabled section and change the value to true.

Encrypted Transmission
Copy Code

# Controls whether or not content is encrypted by the back end before being # transmitted to a client viewer. The client viewer will decrypt the content in # the browser. This is useful for DRM, making it more difficult to copy # protected content that has been delivered to the browser. # viewing.contentEncryption.enabled: true

Encrypted Transmission	Copy Code
`# Controls whether or not content is encrypted by the back end before being # transmitted to a client viewer. The client viewer will decrypt the content in # the browser. This is useful for DRM, making it more difficult to copy # protected content that has been delivered to the browser. # viewing.contentEncryption.enabled: true`

Save the changes to the file.
Restart the PrizmDoc Server for the changes to take effect.
Continue by enabling the encryption option for the Viewing Client as described in the section below.

Enabling Content Encryption in PrizmDoc Server via ViewingSession Property

Open the central configuration file, prizm-services-config.yml in your favorite editor. The prizm-services-config.yml file is located in the top-level of the installation directory.
Find the viewing.sessionConstraints.pageContentEncryption.allowedValues section and change the value to ["default", "enabled", "disabled"].

Encrypted Transmission
Copy Code

# Defines the list of allowed values for the pageContentEncryption viewing # session creation option. # # Must be an array with either ONE or ALL of the following strings: # # "default" - Allow REST API callers to create a new viewing session without # explicitly stating whether or not page content encryption (DRM) # should be applied. The value configured in this file at # viewing.contentEncryption.enabled will be used to determine # whether or not page encryption is applied. # # "enabled" - Allows REST API callers to explicitly enable page content # encryption (DRM) when creating a new viewing session, overriding # whatever value is configured in this file by # viewing.contentEncryption.enabled. # # "disabled" - Allows REST API callers to explicitly disable page content # encryption (DRM) when creating a new viewing session, overriding # whatever value is configured in this file by # viewing.contentEncryption.enabled. # viewing.sessionConstraints.pageContentEncryption.allowedValues: ["default","enabled","disabled"]

Encrypted Transmission	Copy Code
# Defines the list of allowed values for the pageContentEncryption viewing # session creation option. # # Must be an array with either ONE or ALL of the following strings: # # "default" - Allow REST API callers to create a new viewing session without # explicitly stating whether or not page content encryption (DRM) # should be applied. The value configured in this file at # viewing.contentEncryption.enabled will be used to determine # whether or not page encryption is applied. # # "enabled" - Allows REST API callers to explicitly enable page content # encryption (DRM) when creating a new viewing session, overriding # whatever value is configured in this file by # viewing.contentEncryption.enabled. # # "disabled" - Allows REST API callers to explicitly disable page content # encryption (DRM) when creating a new viewing session, overriding # whatever value is configured in this file by # viewing.contentEncryption.enabled. # viewing.sessionConstraints.pageContentEncryption.allowedValues: ["default","enabled","disabled"]

Save the changes to the file.
Restart the PrizmDoc Server for the changes to take effect.
Update your web-tier code to set the value of the pageContentEncryption Viewing Session property to "enabled" when creating the viewing session. The example below is for a .NET web tier:

Example	Copy Code
viewingSessionProperties.pageContentEncryption = "enabled"; .... // Serialize document properties as JSON which will go into the body of the request string requestBody = serializer.Serialize(viewingSessionProperties); requestStream.Write(requestBody);

Example

Copy Code

viewingSessionProperties.pageContentEncryption = "enabled";
....
// Serialize document properties as JSON which will go into the body of the request
string requestBody = serializer.Serialize(viewingSessionProperties);
requestStream.Write(requestBody);

Continue by enabling the encryption option for the Viewing Client as described in the section below.

Enabling Content Encryption in the Viewing Client

To enable encryption in the Viewing Client, provide the encryption option in the viewer options parameter as follows so that the Viewing Client can handle encrypted data:

Example	Copy Code
function buildViewerOptions() { ... var optionsOverride = args.pop(); // always last arg var options = { ... encryption: true }; var combinedOptions = _.extend(optionsOverride, options); embedViewer(combinedOptions); }

Example

Copy Code

           function buildViewerOptions() {
                ...
                var optionsOverride = args.pop(); // always last arg
                var options = {
                    ...
                    encryption: true
                };

                var combinedOptions = _.extend(optionsOverride, options);

                embedViewer(combinedOptions);
            }

Enabling the encryption will not work without setting the configuration parameter as described above. Also, if the PrizmDoc Server configuration setting is either not set or the PrizmDoc Server is not restarted, the data will arrive unencrypted.

How to Start & Stop the PrizmDoc Server

Refer to these topics for additional information:

Windows: Installation Guide > Starting & Stopping the PrizmDoc Server > Windows
Linux: Installation Guide > Starting & Stopping the PrizmDoc Server > Linux

Disabling Content Encryption in the PrizmDoc Server via the Central Configuration File

To disable Content Encryption in the PrizmDoc Server, follow the steps below:

Open the central configuration file, prizm-services-config.yml in your favorite editor. The prizm-services-config.yml file is located . in the top-level of the installation directory.
Find the viewing.contentEncryption.enabled section and change the value to false.

Unencrypted Transmission
Copy Code

# Controls whether or not content is encrypted by the back end before being # transmitted to a client viewer. The client viewer will decrypt the content in # the browser. This is useful for DRM, making it more difficult to copy # protected content that has been delivered to the browser. # viewing.contentEncryption.enabled: false

Unencrypted Transmission	Copy Code
`# Controls whether or not content is encrypted by the back end before being # transmitted to a client viewer. The client viewer will decrypt the content in # the browser. This is useful for DRM, making it more difficult to copy # protected content that has been delivered to the browser. # viewing.contentEncryption.enabled: false`

Save the changes to the file.
Restart the PrizmDoc Server for the changes to take effect.

Disabling Content Encryption in the Viewing Client

To disable encryption in the Viewing Client, use the Viewing Client's default behavior without providing the encryption option. By default, the Viewing Client sets the encryption value to 'false'. Should you wish not to use the encryption in the viewer options parameter, set the encryption option to false as shown below:

Example	Copy Code
function buildViewerOptions() { ... var optionsOverride = args.pop(); // always last arg var options = { ... encryption: false }; var combinedOptions = _.extend(optionsOverride, options); embedViewer(combinedOptions); }

Example

Copy Code

           function buildViewerOptions() {
                ...
                var optionsOverride = args.pop(); // always last arg
                var options = {
                    ...
                    encryption: false
                };

                var combinedOptions = _.extend(optionsOverride, options);

                embedViewer(combinedOptions);
            }

Enabling/disabling the encryption will not work without appropriately setting the PrizmDoc Server configuration.