Data Encryption
Encryption of the communication
Apresa can provide a secure HTTPS web interface, to prevent web pages or downloaded recordings from being intercepted by a third party. HTTPS can be enabled on the Network tab in the System settings, after a certificate has been enabled on the Encryption page.
Remote access to the Apresa system shell, when enabled, is possible using the SSH protocol, which is an encrypted protocol.
Encryption of the stored data
Full disk encryption
Full disk encryption can be chosen during installation, and it will encrypt everything on the hard disk except the boot sector. Full disk encryption cannot be disabled or enabled later on. During reboot, it requires that a pass phrase is entered with a keyboard (connected directly to the system), in order to unlock and start the system. If the pass phrase is lost, it is impossible to recover the data, or even to start the system.
When data is accessed using the web interface, the data is sent in decrypted form. In order to secure this communication, consider using HTTPS (see above).
When data is exported using backup, the data is sent in decrypted form.
System-wide encryption of call content
As an alternative to full disk encryption, the call content of recorded calls can be encrypted. This option can be switched on and off in the web interface. Call meta data, such as the start and stop time, and the telephone numbers, will not be encrypted. Only the audio (or video) content of calls will be encrypted. Data is encrypted using AES-256.
Call content encryption can be enabled on the Encryption page. You can choose a pass phrase there.
Playback of encrypted content can be enabled in the web interface by entering the pass phrase. This can be done for the current user session, or alternatively for the whole system. If playback is enabled for the current user session, then the pass phrase must be entered each time after login, to enable playback. If playback is enabled for the system, then the pass phrase must be entered after each reboot, or after playback has been disabled manually.
In the web interface, a warning will be displayed if encryption is on, but playback is not enabled.
The advantage of not enabling playback (decryption) is that even if a malicious actor gained access to the system, they would not be able to decrypt recordings, because the decryption key would not be anywhere on the system.
If playback (decryption) is not available, recording will continue normally, and the web interface will be available. If playback (decryption) is not enabled on system level, Apresa itself will not be able to decrypt data. This means that Apresa cannot export recordings to another Apresa in decrypted form, or merge screen recordings with audio recordings. To prevent this, playback must be enabled with system scope.
When data is accessed using the web interface, the data is sent in decrypted form. In order to secure this communication, consider using HTTPS (see above).
When data is exported using backup, the data is stored encrypted.
In order to decrypt data, you will need the pass phrase, but also the master key. The master key is stored in the database, so it will be in a full backup. The master key is stored in protected form, secured with the pass phrase.
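The relationship between pass phrase, master key and recordings described above can be illustrated with a pass-phrase-wrapped key. This is an added example, not Apresa's code: scrypt, AES-256-GCM, the record layout and all function names are assumptions, since this page only states AES-256 and a master key secured with the pass phrase.

```javascript
// Added illustration (Node.js): a master key wrapped with a pass phrase.
// KDF, cipher mode and record layout are assumptions, not Apresa's format.
const nodeCrypto = require("node:crypto");

// Derive a 256-bit key-encryption key from the pass phrase and a stored salt.
function deriveKek(passPhrase, salt) {
  return nodeCrypto.scryptSync(passPhrase, salt, 32);
}

// Encrypt with AES-256-GCM; the tag lets decryption detect a wrong key.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Returns the plaintext, or null when the key is wrong or data was altered.
function unseal(key, box) {
  try {
    const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, box.iv);
    d.setAuthTag(box.tag);
    return Buffer.concat([d.update(box.ct), d.final()]);
  } catch {
    return null;
  }
}

// The database record holds the salt and the wrapped master key only;
// the pass phrase itself is never stored.
function createKeyRecord(passPhrase) {
  const masterKey = nodeCrypto.randomBytes(32);
  const salt = nodeCrypto.randomBytes(16);
  const wrapped = seal(deriveKek(passPhrase, salt), masterKey);
  return { masterKey, record: { salt, wrapped } };
}

function unlockMasterKey(passPhrase, record) {
  return unseal(deriveKek(passPhrase, record.salt), record.wrapped);
}

// Decryption needs both the pass phrase and the database record.
function decryptRecording(passPhrase, record, encryptedAudio) {
  const masterKey = unlockMasterKey(passPhrase, record);
  return masterKey ? unseal(masterKey, encryptedAudio) : null;
}
```

A backup that contains the encrypted recordings but not the matching key record, or a restore without the pass phrase, leaves `decryptRecording` returning `null`.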
Per-tenant encryption of call content
Call content encryption can also be applied separately per tenant. This feature works very differently from the system-wide call encryption described above. For tenant call encryption, the decryption of call content happens in the web browser of the user who wants to play or download the recording. To play or download an encrypted call, a password is required. Each tenant can set its own password. The password itself is never sent to Apresa, and no decryption happens on Apresa for playback. Once a call has been encrypted, nobody without the password is able to decrypt it. This includes system administrators. If the password is lost, it is not possible to retrieve the calls.
The tenant call encryption feature allows for the encryption of the recordings of a tenant. Only the call contents are encrypted. Call meta data, such as telephone numbers, is not encrypted.
Tenant call encryption can be configured on the tenant call encryption page by a tenant administrator who has permission.
For playback and downloading of tenant encrypted calls, a modern browser is required. The following browsers are known to work:
- Firefox
- Chrome
- Chromium-based Microsoft Edge
- Safari
Internet Explorer will not work.
Enabling tenant call encryption brings a few limitations:
- HTTPS is required. Playback, downloading or changing the encryption settings cannot be done over plain HTTP.
- Screen recordings and card recordings are currently not encrypted with this method.
- Encrypted calls that are exported to another Apresa will not be usable there.
- For backup purposes it is important to note that recordings are stored in an encrypted format that is not self-contained. Restoration of these calls to a playable state will always require a copy of the database as well.