Authorizing a client to view new data from an encrypted camera - Security Center 5.8

Security Center Administrator Guide 5.8

series
Security Center 5.8
revised_modified
2020-08-17

You can grant a new client machine the rights to access the future data from an encrypted camera by adding a new encryption certificate (public key) for that client to the Archiver in charge of that camera.

Before you begin

Adding more encryption certificates to an Archiver impacts its performance. See Performance impact of fusion stream encryption.

What you should know

A client machine has access to encrypted data because the Archiver transmits both the encrypted data stream and the key stream to the client. The key stream gives the client its first key to unlock the encrypted data. The client needs a second key to decrypt the first key, which is its private key. When you add the client's certificate to the Archiver, you are asking the Archiver to create a new first key that the client is able to unlock.
IMPORTANT: If this client is the last machine that has access to the data from the encrypted camera, make sure you do not lose its private key. If you do, you will not be able to recover the encrypted archives for that camera. If you are in that situation, follow the recommended best practices for managing private keys.

Procedure

  1. Request and install an encryption certificate for the new client machine.
  2. Add the new certificate (public key) to the Archiver in charge of the camera.
    For information on how to do this, see Enabling fusion stream encryption.

Results

The new client machine can access any new data from the encrypted camera from this point on, but cannot access the data archived prior to this operation.