Basic About the Encryption in salesforce

1. Encryption in Salesforce
By Vishesh Singhal(SFDC)

2. Index
1. Encryption
2. Types of Encryption(symmetric & Asymmetric)
3. Salesforce Classic Encryption
4. Salesforce Shield Platform Protection(SPP)

3. Encryption
Encryption is a process that encodes a message or file so that it can be only be
read by certain people. EX “Trailhead” would look like “Xvemplieh”.

4. Types of Encryption
1. Symmetric Encryption
2. Asymmetric Encryption

5. Symmetric Encryption
In a symmetric encryption algorithm, both the sender and the recipient use the same key
(known as the secret key) to encrypt and decrypt the message.
Example: Rotation Cipher
Clear Text : V I S H E S H
Key : 1 1 1 1 1 1 1
Encrypted Text : U H R G D R G
Secret Key : In cryptography, a key is a piece of information that determines the functional output
of a cryptographic algorithm.

6. Asymmetric Encryption
In an asymmetric encryption algorithm, the sender and recipient use different keys to encrypt and
decrypt a message. Each participant in the cryptosystem has a pair of keys assigned to him: a
public key and a private key.
Famous Algorithm : RSA Algorithm.

7. Classic Encryption
Salesforce Classic Encryption protects data from your existing Salesforce users by
providing masking capabilities, which allow you to hide the original data with random
characters. Here custom fields with 128-bit Advanced Encryption Standard (AES). are encrypted.
Example :
Credit Card Field Value : 1219-0118-2021-1992
Masked Value: ****-****-****-1992

8. Advantages and Disadvantages
Advantages
● Is included in Base License cost of Salesforce.
● Provides masking of custom fields to protect against internal Salesforce users seeing specific data.
● Is excellent for masking sensitive data, such as credit card or SSN fields.
Disadvantages
● Can only encrypt custom fields.
● Limits custom field encryption to 16 characters (Tested).
● Needs profiles and permission sets to be configured for Salesforce users.
● Cannot be used in workflows or formula fields.

9. Shield Platform Protection
Salesforce Shield Platform Encryption protects Salesforce data at rest using either a
generated or an uploaded encryption key. Shield Platform Encryption provides the additional
option of Bring Your Own Key (BYOK), allowing customers to manage their own encryption keys.
Shield Platform Encryption is an additional feature that provides 256-bit encryption with a broader
range of core Salesforce functionality, including search, lookups, validation rules, and Chatter. No
masking is applied to Shield encrypted fields, so visibility needs to be controlled with field-level
security.

10. Advantages and Disadvantages
Advantages
● The ability to encrypt standard fields, custom fields, files, and attachments.
● Can be used in workflows and formula fields.
● Offers a higher level of encryption (256-bit AES) than Salesforce Classic Encryption.
Disadvantages
● There is an additional cost.
● Does not provide masking, so Field Level Security (FLS) needs to be set to control visibility of fields.
● Does not work with certain third-party apps.

11. Shield Platform Encryption Verification
https://salesforce.stackexchange.com/questions/175126/encrypted-data-not-in-
the-encrypted-format
https://developer.salesforce.com/forums/?id=9060G000000BdaFQAS

12. References
https://developer.salesforce.com/docs/atlas.en-
us.securityImplGuide.meta/securityImplGuide/fields_about_encrypted_fields.htm
https://help.salesforce.com/articleView?id=security_pe_vs_classic_encryption.htm&type=5
https://salesforce.stackexchange.com/questions/175126/encrypted-data-not-in-the-encrypted-format
https://developer.salesforce.com/forums/?id=9060G000000BdaFQAS
https://www.salesforce.com/content/dam/web/en_us/www/documents/reports/wp-platform-
encryption-architecture.pdf

13. Thank you
Questions And Answer