PrizmDoc v13.0 - Updated
Enabling Content Encryption
Administrator Guide > System Configuration > Configure the Viewer > Configuration Options > Enabling Content Encryption

This topic contains the following information:

The goal of content encryption is to provide an obscured transfer of data from the PrizmDoc Server to the Viewer website, preventing unauthorized agents to discern the content being transmitted. Additional security can be enabled by configuring the Viewer and server to communicate over the Secured Socket Layer (SSL), https protocol, rather than standard non-secure http protocol. In cases where this is not viable or enough protection, the content encryption adds a strong measure of privacy to the document content. When content encryption is enabled, the web data images and document text strings sent to the Viewer will be encrypted and then decrypted by the Viewer.

This feature is not supported in IE8.

Overview of Enabling Content Encryption

Content encryption must be enabled in the Viewer and in the PrizmDoc Server; it is disabled by default. Enabling content encryption in the Viewer is straightforward and performed by an option passed to the Viewer constructor or jQuery plugin. This process is documented below.

There are two options for enabling content encryption on the server:

  1. Enable content encryption via the central configuration file (prizm-services-config.yml - located in the top-level of the installation directory): this enables content encryption for all viewing sessions.
  2. Toggle (enable or disable) content encryption via viewing session property: this enables or disables content encryption per viewing session, overriding the option set in the central configuration file.

These options are both documented below.

For the security conscious, toggling content encryption per viewing session is not permitted in the out of box product configuration. It must be explicitly allowed via the ServiceHost pcc.config file.

Finally, it’s important to note it must be enabled or disabled on both the Viewer and server, or unexpected behavior will occur. If encryption is enabled on the server but not for the Viewer, then the content will not be rendered correctly. If encryption is enabled for the Viewer but not on the server, then the content will not be encrypted during transit, however, it will be rendered correctly in the Viewer.

In summary:

Enabling Content Encryption in PrizmDoc Server via the Central Configuration File

To enable Content Encryption follow the steps below:

  1. Open the central configuration file, prizm-services-config.yml in your favorite editor. The prizm-services-config.yml file is located in the top-level of the installation directory.
  2. Find the viewing.contentEncryption.enabled section and change the value to true.
Encrypted Transmission
Copy Code
# Controls whether or not content is encrypted by the back end before being
# transmitted to a client viewer. The client viewer will decrypt the content in
# the browser. This is useful for DRM, making it more difficult to copy
# protected content that has been delivered to the browser.
#
viewing.contentEncryption.enabled: true
  1. Save the changes to the file. 
  2. Restart the PrizmDoc Server for the changes to take effect.
  3. Continue by enabling the encryption option for the Viewer as described in the section below.

Enabling Content Encryption in PrizmDoc Server via ViewingSession Property

  1. Open the central configuration file, prizm-services-config.yml in your favorite editor. The prizm-services-config.yml file is located in the top-level of the installation directory.
  2. Find the viewing.sessionConstraints.pageContentEncryption.allowedValues section and change the value to ["default", "enabled", "disabled"].
Encrypted Transmission
Copy Code
# Defines the list of allowed values for the pageContentEncryption viewing
# session creation option.
#
# Must be an array with either ONE or ALL of the following strings:
#
# "default" -  Allow REST API callers to create a new viewing session without
#              explicitly stating whether or not page content encryption (DRM)
#              should be applied. The value configured in this file at
#              viewing.contentEncryption.enabled will be used to determine
#              whether or not page encryption is applied.
#
# "enabled" -  Allows REST API callers to explicitly enable page content
#              encryption (DRM) when creating a new viewing session, overriding
#              whatever value is configured in this file by
#              viewing.contentEncryption.enabled.
#
# "disabled" - Allows REST API callers to explicitly disable page content
#              encryption (DRM) when creating a new viewing session, overriding
#              whatever value is configured in this file by
#              viewing.contentEncryption.enabled.
#
viewing.sessionConstraints.pageContentEncryption.allowedValues: ["default","enabled","disabled"]
  1. Save the changes to the file.
  2. Restart the PrizmDoc Server for the changes to take effect.
  3. Update your web-tier code to set the value of the pageContentEncryption Viewing Session property to "enabled" when creating the viewing session. The example below is for a .NET web tier:
Example
Copy Code
viewingSessionProperties.pageContentEncryption = "enabled";
....
// Serialize document properties as JSON which will go into the body of the request
string requestBody = serializer.Serialize(viewingSessionProperties);
requestStream.Write(requestBody);
  1. Continue by enabling the encryption option for the Viewer as described in the section below.

Enabling Content Encryption in the Viewer

To enable encryption in the Viewer, provide the encryption option in the viewer options parameter as follows so that the Viewer can handle encrypted data:

Example
Copy Code
           function buildViewerOptions() {
                ...
                var optionsOverride = args.pop(); // always last arg
                var options = {
                    ...
                    encryption: true
                };

                var combinedOptions = _.extend(optionsOverride, options);

                embedViewer(combinedOptions);
            }
Enabling the encryption will not work without setting the configuration parameter as described above. Also, if the PrizmDoc Server configuration setting is either not set or the PrizmDoc Server is not restarted, the data will arrive unencrypted.

How to Start & Stop the PrizmDoc Server

Refer to these topics for additional information:

Disabling Content Encryption in the PrizmDoc Server via the Central Configuration File

To disable Content Encryption in the PrizmDoc Server, follow the steps below:

  1. Open the central configuration file, prizm-services-config.yml in your favorite editor. The prizm-services-config.yml file is located . in the top-level of the installation directory.
  2. Find the viewing.contentEncryption.enabled section and change the value to false.
Unencrypted Transmission
Copy Code
# Controls whether or not content is encrypted by the back end before being
# transmitted to a client viewer. The client viewer will decrypt the content in
# the browser. This is useful for DRM, making it more difficult to copy
# protected content that has been delivered to the browser.
#
viewing.contentEncryption.enabled: false
  1. Save the changes to the file. 
  2. Restart the PrizmDoc Server for the changes to take effect.

Disabling Content Encryption in the Viewer

To disable encryption in the Viewer, use the Viewer's default behavior without providing the encryption option. By default, the Viewer sets the encryption value to 'false'. Should you wish not to use the encryption in the viewer options parameter, set the encryption option to false as shown below:

Example
Copy Code
           function buildViewerOptions() {
                ...
                var optionsOverride = args.pop(); // always last arg
                var options = {
                    ...
                    encryption: false
                };

                var combinedOptions = _.extend(optionsOverride, options);

                embedViewer(combinedOptions);
            }
Enabling/disabling the encryption will not work without appropriately setting the PrizmDoc Server configuration.