Cryptography Architecture

VTScada supports cryptography by means of the Microsoft CryptoAPI (further details on the CryptoAPI may be found with MSDN).

At present VTScada only provides access to a limited portion of the CryptoAPI, but this is sufficient to generate keys to encrypt and decrypt data.

Application developers can use the VTScada cryptography functions without knowing details of the underlying implementation, in much the same way as they can use a graphics library without knowing anything about the particular graphics hardware configuration. The MS CryptoAPI works with a number of cryptographic service providers (CSP) that perform the actual cryptographic functions.

Data encryption transforms a message written in plain text (called "plaintext" in the cryptography community) so that it appears as random gibberish. A good data encryption system makes it difficult to transform encrypted data back to plaintext without a secret key. The data to be encrypted can be ASCII text, a database file, or any other data you want to store or transmit securely. In this documentation, the term "message" is used to refer to any piece of data, "plaintext" refers to data that has not been encrypted, and "ciphertext" refers to data that has been encrypted.

Encrypted data can be stored on non-secure media or transmitted over a non-secure network and still remain private. Later, the data can be decrypted into its original form.

Data encryption and decryption are simple processes. When data is encrypted, an encryption key is used. This key is comparable to a physical key that is used to lock a padlock. To decrypt the data, a decryption key is be used. The decryption key is comparable to using a key to unlock a padlock. Encryption and decryption are often done using the same key, but unlike working with physical keys, sometimes encryption and decryption can use different keys from a public/private key pair.

Encryption keys must be kept secret and safe, and must be transmitted securely to other users. This is discussed further in Data Encryption and Decryption. The main challenge is properly restricting access to the decryption key because anyone who possesses it will be able to decrypt all messages that were encrypted with its corresponding encryption key.