Cameyo’s optional encryption feature uses the AES-128 algorithm to encrypt data saved by virtual applications. When enabled, data saved by the user or by the application itself, is stored in encrypted form.
There are two ways of storing the encryption key, each for different protection scenarios:
Using an encryption key: the key is stored inside the virtual package. User will not need to input any password, but has to make sure the virtual package itself (.cameyo.exe file) isn’t accessible to potential attackers. For example, if the application is used on a non-private computer, user needs to remove the .cameyo.exe file from the machine after use.
Using a password: user will have to enter the password when the application starts. The key isn’t stored anywhere, so this method is secured against data-at-rest attacks, i.e. someone stealing the laptop where the virtual application’s executable itself may be.
What gets encrypted, what doesn’t
At Cameyo we believe that it is important for you to clearly understand the security mechanisms used for protecting your data, including what they protect and what they don’t. So here’s a summary:
What gets encrypted:
– All files saved by the application during its use (files in the CHANGES\ directory).
– The program files themselves (files in the PROG\ directory).
– Registry keys & values.
It should be understood that real-time encryption is just an additional layer of security, but does not remove all risks. Security tools always need to be complemented by complete security policy.
It is important to understand that application virtualization is a complex process that, in general, is imperfect. Different programs challenge the virtualization engine in different ways. Because of this, it is essential to test your resulting package well, and to understand that if the virtual app or its sandbox become damaged or unstable, the encrypted data may become inaccessible.
It is also recommended to turn off the auto-updating feature of your virtual application while using encryption.