Cloud Storage Encryption rule set

The Cloud Storage Encryption rule set is a library rule set for encrypting and decrypting data that is uploaded to and downloaded from cloud storage services.

Library rule set – Cloud Storage Encryption
Criteria – Always
Cycles – Requests (and IM), Responses

The rule set contains the following rules.

Set encryption password
Always –> Continue – Set User-Defined.Encryption Password = "webgateway"
The rule uses an event to set the default password for Web Gateway as the password that is used when data is encrypted.
Enable encryption
CloudEncryption.IsEncryptionSupported<Default> equals true –> Continue – CloudEncryption.Encrypt(User-Defined.Encryption Password)<Default>
The rule uses the CloudEncryption.IsEncryptionSupported property to check whether encryption of data can be performed. If this is the case, an event is used to perform the encryption.
Enable decryption
CloudEncryption.IsDecryptionSupported<Default> equals true –> Continue – CloudEncryption.Decrypt(User-Defined.Encryption Password)<Default>
The rule uses the CloudEncryption.IsDecryptionSupported property to check whether decryption of data can be performed. If this is the case, an event is used to perform the decryption.
Fix content type after decryption
CloudEncryption.IsDecryptionSupported<Default> equals true –> Continue – MediaType.Header.FixContentType
The rule uses the CloudEncryption.IsDecryptionSupported property to check whether a decryption of cloud storage data was performed.
If this is the case, an event is used to modify the Content-Type field in the header of the response that was sent to deliver the data to Web Gateway. Cloud storage services set this field by default to application/octet-stream, as they are not able to recognize real media types when data is encrypted. The MediaType.Header.FixContentType event sets the field to a value for the real media type.
The rule is not enabled by default.
Log encryption password
CloudEncryption.IsEncryptionSupported<Default> equals true –> Continue –
Set User-Defined.encrypt-log = DateTime.ToGMTString + ", User: " + Authentication.UserName + ", IP: " + IP.ToString (Client.IP) + ", Service: " + CloudEncryption.ServiceName + ", Cipher: " + CloudEncryption.CipherName<Default> + ", Password: " + User-Defined.EncryptionPassword
FileSystemLogging.WriteLogEntry (User-Defined.encrypt-log)<Encryption Log>

The rule uses an event to create a log entry for an encryption.
A second event is used to write this entry into the log called Encryption Log, which is specified by the event settings. Since data is written into the log in encrypted format, you need a password to access it (default password: webgateway).
The rule is not enabled by default.
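
Added example, not part of the product documentation: a Python check for Encryption Log entries once they have been decrypted and exported as text. It parses the field layout built by the Log encryption password rule, flags entries that still use the default password webgateway, and redacts the password before the lines are passed on. The timestamp layout, service name and cipher name in the sample lines are constructed assumptions.

```python
import re

# Default password set by the "Set encryption password" rule on this page.
DEFAULT_PASSWORD = "webgateway"

# Field order follows the concatenation in the "Log encryption password" rule.
# The output format of DateTime.ToGMTString is not given on the page, so the
# timestamp is captured as an opaque string (assumption).
ENTRY_RE = re.compile(
    r"^(?P<time>.*?), User: (?P<user>.*?), IP: (?P<ip>\S+), "
    r"Service: (?P<service>.*?), Cipher: (?P<cipher>.*?), Password: (?P<password>.*)$"
)


def parse_entry(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = ENTRY_RE.match(line.rstrip("\r\n"))
    return m.groupdict() if m else None


def audit(lines):
    """Return (findings, redacted_lines) for a list of exported log lines."""
    findings, redacted = [], []
    for number, line in enumerate(lines, start=1):
        entry = parse_entry(line)
        if entry is None:
            findings.append((number, "unparsed"))
            redacted.append("[unparsed entry withheld]")
            continue
        if entry["password"] == DEFAULT_PASSWORD:
            findings.append((number, "default-password"))
        # The password is the last field: cut it off and never forward it.
        cut = len(line.rstrip("\r\n")) - len(entry["password"])
        redacted.append(line[:cut] + "[REDACTED]")
    return findings, redacted


# Constructed sample lines (not real log output).
SAMPLE = [
    "Mon, 06 Jan 2025 10:15:00 GMT, User: alice, IP: 10.0.0.5, Service: ExampleDrive, Cipher: AES-256, Password: webgateway",
    "Mon, 06 Jan 2025 10:16:30 GMT, User: bob, IP: 10.0.0.9, Service: ExampleDrive, Cipher: AES-256, Password: s3p,arate: value",
    "garbage line",
]

if __name__ == "__main__":
    found, safe = audit(SAMPLE)
    print(found, *safe, sep="\n")
```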