Encrypting CSV Files for User Uploads
The system supports GPG decryption for CSV files used for user uploads. If enabled, a public key will appear on the "Encryption" page in the system. This key must be used to GPG encrypt your CSV files before uploading them to the system. Please note that even if you choose not to GPG encrypt the CSV file, the file is still protected using TLS 1.2 or greater and high-grade encryption (256 bit) while being uploaded to the server (i.e. in transit) and encrypted with a data key using an industry-standard AES-256 algorithm while on the server (i.e. at rest).
Step-by-step Guide
To enable GPG decryption:
- Go to System Administration > Users > Accounts > User Uploads > Encryption
- Set "Decryption" to either "Optional" or "Always on"
- "Optional" will require a choice to be made on the "Upload users now" page by the administrator uploading the CSV file. For the "Schedule jobs" page, the system will try to auto-detect if the file needs decryption.
- "Always on" means all CSV files for user uploads will need to be encrypted prior to being uploaded to the system. If a file is not encrypted, the system will automatically report an error when trying to import the CSV file.
- Click on the "Save changes" button
Once you save the changes, the public encryption key will be displayed on the web page you are on. You must use this key to GPG encrypt your CSV files before uploading them to the system. Once your files are encrypted, you can upload them by following the Uploading Users or the Scheduling User Uploads procedure.
Important Notes
- By default, GPG decryption is always off / disabled
- Regardless of whether this feature is enabled or disabled, CVS files are always protected using TLS 1.2 or greater and high-grade encryption (256 bit) while being uploaded to the server (i.e. in transit) and encrypted with a data key using an industry-standard AES-256 algorithm while on the server (i.e at rest).
- If you change the feature from "Always off" to "Always on", you must upload GPG encrypted CSV files or the upload will fail. If you are scheduling your jobs, our recommendation is therefore that you set "Decryption" to "Optional", update all of your scheduled jobs, and only once all of your CSV files are encrypted should you change the setting to "Always on".
- Please note that GPG encryption of the file is something that you must do outside of the learning environment. In other words, the learning environment will not encrypt your CSV file. It can only decrypt a file that you have encrypted and uploaded to our system.
- For more information on GPG encryption, we recommend that you do a web search on the topic using your favorite search engine (e.g. Google, Bing, etc.)