Resources

Product Support & FAQ

What is the Virtru Customer Key Server (CKS)?

The Virtru CKS is a physical device or cloud server that you host entirely on your organization’s premises, in the container-storing platform of your choice. The Virtru CKS adds asymmetric encryption to Virtru’s pure SaaS offering to give your organizations complete and exclusive access to the keys encrypting your data.

When you encrypt an email under this model, your Virtru email generates a message key that is encrypted with a CKS public key. The CKS hosts the private key needed to decrypt this public key and unwrap the message key, but only you can access it, since the CKS is hosted on your organization’s premises. Virtru’s servers only store encrypted keys, so they never have access to decrypted message keys.

Receiving Virtru clients – either Virtru’s Secure Reader or an inbox that has a Virtru plugin installed – also have public/private key pairs. The CKS rewraps message keys with the receiving client’s public key before it is transmitted to Virtru’s servers and eventually to the receiving client itself. The receiving client, which sits on the recipient’s premises, contains the private key needed to unlock the rewrapped message key and finally decrypt the message.

virtru customer key server diagram

You should consider the Virtru CKS if your organization is looking to:

  • Enable easy-to-use client-side email encryption without having to trust third parties with encryption keys or unencrypted content.
  • Ensure that you are the only entity that can respond to government access requests and subpoenas.
  • Meet data residency requirements by specifying the locations where your encryption keys are stored.
  • Comply with CJIS, ITAR, and other regulations.
The Virtru CKS is a physical device or cloud server that you host entirely on your organization’s premises, in the container-storing platform of your choice. The Virtru CKS adds asymmetric encryption to Virtru’s pure SaaS offering to give your organizations complete and exclusive access to the keys encrypting your data. Read on for more details.