Encrypt content in XML files

Instant IMtegrity provides the ability to securely encrypt all intermediate XML chat logs on disk using strong RSA encryption, to prevent casual snooping or stealing of chat log files on the server’s disk before they get imported into the database.

Details

When this option is enabled, textual content inside each XML log file is encrypted with a 128-bit RC4 key, which is in turn protected by a server-specific RSA key pair. The server creates an asymmetric RSA public and private key pair once (at first start-up) and a random 128-bit RC4 symmetric encryption key (every time on service start).

All names and IM chat messages in each XML log file are then encrypted using the RC4 key. The RC4 key itself is then encrypted using the server’s machine-specific public key and stored in the XML log file.

At import time, the RC4 key is decrypted using the server’s private key and is then used to decrypt the actual XML log file content.

128-bit RC4 keys sealed with RSA are sufficiently complex for this purpose, and the private key required to decrypt the content is available only on that same server. Decryption can therefore take place only on that particular server, which means ‘stealing’ the files and trying to decrypt them elsewhere won’t work.
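The seal-and-import flow described above, as an added Go example that is not Instant IMtegrity's own code: names and messages are encrypted with a 128-bit RC4 key, that key is wrapped with the server's RSA public key, and import unwraps it with the private key. The function names, the 2048-bit RSA key size, OAEP/SHA-256 padding and the use of one continuous RC4 keystream per key are assumptions; the page does not specify them.

```go
package main

import (
	"crypto/rand"
	"crypto/rc4"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewServerKey makes the server's RSA key pair (2048 bits is an assumption).
func NewServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// xorFields runs ONE RC4 keystream over all fields, in order and in place.
func xorFields(key []byte, fields [][]byte) error {
	c, err := rc4.NewCipher(key)
	if err != nil {
		return err
	}
	for _, f := range fields {
		c.XORKeyStream(f, f) // never start a second keystream under the same key
	}
	return nil
}

// Seal encrypts fields in place and returns the RC4 key wrapped for the log file.
func Seal(pub *rsa.PublicKey, key []byte, fields [][]byte) ([]byte, error) {
	if err := xorFields(key, fields); err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil) // OAEP assumed
}

// Open is the import step: unwrap the RC4 key with the private key, then decrypt.
func Open(priv *rsa.PrivateKey, wrapped []byte, fields [][]byte) error {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return fmt.Errorf("unwrap RC4 key: %w", err) // fields are left encrypted
	}
	return xorFields(key, fields)
}

func main() {
	priv, _ := NewServerKey()
	key := make([]byte, 16) // 128-bit RC4 key, new on every service start
	rand.Read(key)
	fields := [][]byte{[]byte("alice"), []byte("hi bob")} // constructed sample
	wrapped, _ := Seal(&priv.PublicKey, key, fields)
	fmt.Printf("import error: %v, fields: %s\n", Open(priv, wrapped, fields), fields)
}
```

RC4 appears here only because the scheme on this page uses it; it provides no integrity protection, so a modified log file decrypts without any error, and RFC 7465 prohibits RC4 in TLS. A design that is free to choose would wrap an authenticated cipher key (for example AES-GCM) the same way.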

Performance implications with encryption enabled

Encryption is fairly fast, since the most computationally expensive operation, creating a set of private and public keys, is done only once at server startup. Symmetric RC4 encryption of small content (IM user names and chat messages) is extremely fast, and this is where the server spends most of its time: encrypting the names and messages passing through.

The RC4 key is then sealed with the public key only once, when Instant IMtegrity saves the XML chat log file. By comparison, public key operations are ca. 1000 times slower than symmetric key operations, but since Instant IMtegrity does this only once (and only on the RC4 key itself, rather than on the entire chat message), it’s very fast.