
Zero Trust Data Format

Zero Trust Data Format (ZTDF) is an interoperable data security wrapper. It seamlessly understands all variations of the TDF metadata standard, allowing organizations to build custom policy enforcement points. ZTDF facilitates secure collaboration and data sharing, enabling files, messages, and documents to be shared across borders and classifications.

It allows organizations to integrate data-centric governance controls into legacy and next-generation applications, ensuring sensitive information remains protected. The ZTDF format provides self-enforcing, granular access controls and grants access only to authorized individuals.

ZTDF with symmetric KAS

Stormshield has developed a variant of ZTDF to simplify its use and enable it to work with your KMaaS. The DEK used to encrypt your data is symmetrically encrypted by a Key Encryption Key (KEK) via the KMaaS Crypto API application.

Simplified version of the encryption workflow:

(Figure: encrypt workflow)

  1. The user provides the SDK with the data to be encrypted. They can also provide a list of attributes which will subsequently be used for ABAC.
  2. The SDK generates a DEK to encrypt the data. It also generates a manifest that includes all the data that will be useful for decryption, the attributes, and information to ensure the integrity of the data or attributes.
  3. The DEK is sent to the KMaaS.
  4. The DEK is wrapped with a KEK.
  5. The wrapped DEK is returned and stored in the manifest, so the ZTDF carries its own security.

Simplified version of the decryption workflow:

(Figure: decrypt workflow)

  1. The user provides the SDK with the encrypted data and the manifest.
  2. The SDK extracts the attributes and wrapped DEK from the manifest.
  3. The wrapped DEK and attributes are sent to the KMaaS.
  4. Data attributes are sent to the policy server (see step 5); the wrapped DEK is decrypted and returned to the SDK.
  5. Data attributes and other information (e.g., custom JWT token claims) are evaluated by the policy server. Policy server rules are at the administrator's discretion.
  6. Data integrity is verified, then the data is decrypted on the client side.
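The two workflows above, as an added stand-alone Python simulation (not Stormshield's SDK or KMaaS code): the client generates the DEK and manifest, the simulated KMaaS wraps and unwraps the DEK with a KEK it never releases, checks that the manifest's attributes are bound to that DEK, and evaluates a constructed policy rule (every data attribute must appear in the caller's entitlements claim) before returning the DEK. HMAC-SHA256 in counter mode with an encrypt-then-MAC tag stands in for the authenticated cipher; the function names, manifest field names and policy rule are assumptions.

```python
import hashlib, hmac, json, secrets

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as the keystream; a stand-in for AES-GCM (constructed)
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, pt):
    # encrypt-then-MAC: the tag covers nonce and ciphertext, so tampering is caught before decryption
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def bind(dek, attributes):
    # manifest field tying the attribute list to this DEK; a stripped or edited list no longer verifies
    return hmac.new(dek, json.dumps(attributes, sort_keys=True).encode(), hashlib.sha256).hexdigest()

class KMaaS:
    """Simulated key service: holds the KEK, never releases it, and enforces policy on unwrap."""
    def __init__(self):
        self.kek = secrets.token_bytes(32)
    def wrap(self, dek):                                   # encrypt step 4
        return seal(self.kek, dek).hex()
    def unwrap(self, wrapped, attributes, binding, claims):  # decrypt steps 4-5
        dek = unseal(self.kek, bytes.fromhex(wrapped))
        if not hmac.compare_digest(bind(dek, attributes), binding):
            raise ValueError("attributes do not match the wrapped DEK")
        if not set(attributes) <= set(claims.get("entitlements", [])):  # policy rule (constructed)
            raise PermissionError("policy denied for " + ", ".join(attributes))
        return dek

def ztdf_encrypt(kmaas, data, attributes):
    dek = secrets.token_bytes(32)                          # step 2: fresh DEK per object
    manifest = {"attributes": attributes, "binding": bind(dek, attributes),
                "wrappedDek": kmaas.wrap(dek)}             # steps 3-5: only the wrapped DEK is stored
    return seal(dek, data), manifest

def ztdf_decrypt(kmaas, payload, manifest, claims):
    m = manifest
    dek = kmaas.unwrap(m["wrappedDek"], m["attributes"], m["binding"], claims)
    return unseal(dek, payload)                            # step 6: integrity first, then decrypt client-side
```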