5. BayunCoreSDK Operations
The BayunCore.h class contains public methods for locking and unlocking of files, text and data.
Encryption Policy
Passing an encryption policy as an optional argument to the lock function lets the developer bind a specific access policy to the data being locked. Working with the Bayun Lockbox Management Server, the Bayun SDK automatically chooses the right encryption keys (creating new ones as necessary) and places them in a hierarchy of lockboxes, so that the applied policy is enforceable on the locked data irrespective of the software (potentially hacked) used to access it. If the developer does not explicitly specify a policy when locking the data, the default policy dictated by the server is used, as specified in the admin-panel settings for that company and user.
The actual policy applied to the data is a combination of the encryption policy specified in the lock function and the policy dictated by the server based on its settings. Note that the server settings can disable the encryption functionality completely, with the lock function acting as a simple passthrough for keeping track of data-usage patterns. However, as long as the encryption functionality is enabled in the server settings, the developer-specified policy passed as an argument to the lock function always takes precedence over the default policy specified by the server.
BayunEncryptionPolicy is of type enum and can have the following values:
_None
: No encryption is performed. The lock function acts as a simple passthrough for data. But all accounting on data-access patterns is still performed for reporting in the admin-panel, so that complete visibility into all lock/unlock operations is still maintained.
Default
: Locking/unlocking is performed according to the policy dictated by the server based on admin-panel settings.
Company
: Locking/unlocking is performed using the company key, i.e. the enterprise encryption key. Every employee of the same company will have access to this enterprise encryption key in their lockbox, and so will technically be able to access this data.
Employee
: Locking/unlocking is performed using the individual employee key. Nobody other than the user herself has access to this encryption key, and so nobody else will be able to access this data.
Group
: Locking/unlocking is performed using the group key. A groupId has to be specified when using this policy. Only members of the specified group will be able to access this data (see the "Groups" section in this Guide for details).
Key Generation Policy
Passing a key generation policy as an optional argument to the lock function lets the developer determine how the encryption key for the data being locked is generated. If the developer does not explicitly specify a policy when locking the data, the default policy dictated by the server is used, as specified in the admin-panel settings for that company and user.
Note that the server settings can disable the encryption functionality completely, with the lock function acting as a simple passthrough for keeping track of data-usage patterns. However, as long as the encryption functionality is enabled in the server settings, the developer-specified policy passed as an argument to the lock function always takes precedence over the default policy specified by the server.
BayunKeyGenerationPolicy is of type enum and can have the following values:
Default
: The default policy dictated by the server is used as specified in the admin-panel settings for that company and user.
Static
: Every data object is encrypted with the same key, which is derived from the Base Key. The Base Key is determined by the Policy tied to the object being locked (e.g. CompanyKey, EmployeeKey, GroupKey).
Envelope
: Every data object is encrypted with its own unique key that is randomly generated. The random key itself is kept encrypted with a key derived from the Base Key.
Chain
: Every data object is encrypted with its own unique key that is derived from the Base Key using a multi-dimensional chaining mechanism.
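The practical difference between Static and Envelope is how far one object's data key reaches. The sketch below is an added illustration in Node.js, not Bayun SDK code or Bayun's implementation: HKDF-SHA256, AES-256-GCM, the derivation labels and all function names are assumptions. Chain is left out because the page does not describe its chaining mechanism.

```javascript
const crypto = require('node:crypto');

// derive uses HKDF-SHA256 (assumed; the page does not name a KDF).
const derive = (base, label) =>
  Buffer.from(crypto.hkdfSync('sha256', base, Buffer.alloc(0), label, 32));

// seal returns nonce || ciphertext || tag under AES-256-GCM (assumed cipher).
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  return Buffer.concat([nonce, c.update(plaintext), c.final(), c.getAuthTag()]);
}

// open reverses seal; it throws if the key is wrong or the blob was altered.
function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(blob.length - 16));
  return Buffer.concat([d.update(blob.subarray(12, blob.length - 16)), d.final()]);
}

// Static: every object is sealed under the same key derived from the base key.
const lockStatic = (base, data) => ({ data: seal(derive(base, 'static'), data) });

// Envelope: a fresh random key per object, stored wrapped under a derived key.
function lockEnvelope(base, data) {
  const dek = crypto.randomBytes(32);
  return { wrapped: seal(derive(base, 'wrap'), dek), data: seal(dek, data) };
}

// dataKey recovers the key that protects obj.data, as a holder of base would.
const dataKey = (base, obj) =>
  obj.wrapped ? open(derive(base, 'wrap'), obj.wrapped) : derive(base, 'static');

const unlock = (base, obj) => open(dataKey(base, obj), obj.data).toString();

// opensWith reports whether one leaked data key decrypts a given object.
function opensWith(key, obj) {
  try { open(key, obj.data); return true; } catch { return false; }
}

// Constructed sample: two objects locked under the same base key per policy.
function exposure(lock) {
  const base = crypto.randomBytes(32);
  const [a, b] = [lock(base, 'doc A'), lock(base, 'doc B')];
  return opensWith(dataKey(base, a), b); // does A's data key also open B?
}

console.log('static:', exposure(lockStatic), 'envelope:', exposure(lockEnvelope));
```

Under Static, the data key of one object opens every object locked under the same Base Key; under Envelope, it opens only its own object, and the Base Key is still needed to unwrap any other object's key.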
Operations
Here is the list of operations that can be performed using BayunCoreSDK:
5.1. Lock/Unlock File
5.2. Lock/UnlockText