Skip to content

Create new encryption key

To create a new encryption key:

  1. Click the Add Encryption Key button.

    Add Encryption Key

  2. Provide the following settings:

    Encryption Key Settings

  3. Name - specify a unique name for your encryption key.

  4. Tenant - specify a tenant for which the encrypt key will be created. This field is available for a multi-tenant envoronment only.
  5. Status - select this check box to apply this key for new recordings.
  6. Protection Mode - specify whether the key is protected with user's credentials or application credentials. When a key is protected with user's credentials, it is necessary to explicitly grant users access to this key. App-protected mode is required when SAML 2.0 Single Sign-On or speech analytics is used. By default, the key is protected with user's credentials.
  7. Generate a key - select this option if you want to generate a new random key.

  8. Import a key - select this option to import an existing key. If selected, fill out the following settings:

    • Public key (PEM format) - RSA public key formatted in Base64 encoding (PEM format).
    • Private key (PEM format) - RSA private key formatted in Base64 encoding (PEM format).

    This parameter is optional. If you do not provide private key, then the imported encryption key will be used only for encryption of audio files without ability to decrypt them. Users will not be able to decrypt these recordings on that server. To playback such recordings, you will need to transfer these recordings to another MiaRec server, which has the corresponding private key. This is an advanced feature of MiaRec - it allows to deploy a recording server in one location and a playback server in another location. For example, the hosted service provider may record customer calls directly into encrypted format and nobody on service provider site will be able to playback those recordings, including root administrators. Data should be uploaded to customer premises, where only authorized persons will be able to playback them. * Private key password - Password for decrypting a private key, if the latter has been exported previously with password protection.

    Private Key Password

  9. Key length - specify the length of an encryption key in bits. Supported values: 1024, 2048 (default, recommended), 4096.

  10. Click Save to apply your changes.

Hint

Note, in multi-tenant version, you need to create the key for "System" account first. Then, you can create a tenant encryption key. On System account, you do not need to enable "Audio file encryption" unless you record calls into System tenant (which is not recommended).