+ Start a Discussion

Encryption & Decryption




We have a requirement for encrypting & decrypting some confidential information.


Digital certificate will be installed on Client machine browser; we need to use this certificate for encrypting and decrypting the data.

Should not store digital certificate in salesforce.com. 


Please suggest solution, if it is possible with Salesforce.com.







You can't use a custom certificate with salesforce.com, it just doesn't work that way. At what level are you looking to encrypt the data? Data is already encrypted during data transport (uses TLS encryption where available). If you want to store the data in salesforce.com, use Encrypted Text Fields (free, available on request). Users can put data into the field, but can't pull it back out without a profile permission. Salesforce.com will never expose the "encrypted" data to a user (i.e. using the API), just a bunch of asterisks except for exposed characters (i.e. you can specify "last-4 SSN", and it would appear as "***-**-1234").


Crypto class provide standard algorithms for creating digests, message authentication codes, and signatures, as well as encrypting and decrypting information. These can be used for securing content in Force.com, or for integrating with external services such as Google or Amazon WebServices (AWS).


for more information you can visit at this link: http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_classes_restful_crypto.htm


See if this works for you.


we have tried this, and all working fine, but only problem is storing Key in salesforce.com. Client is not happy in this regard.




Requirement is to store Encrypted values in Salesforce.com DB.


Let say we have given access to system admin profile. For some reason Salesforce.com DBA logged into Salesforce.com using this system admin profile, then he will be able to see the decrypted data right.


This is the main concern.