|
Encryption of long-term records is NOT RECOMMENDED as loss of the encryption key results in loss of the record. This element has been retained solely to maintain compatibility with NAA recordkeeping metadata.
If encryption is used, details need to be recorded about the public and private keys, and the Certification Authority which has authorised, and which vouches for, the identity of the key holders. These details are required in order to restrict or enable access to the encrypted record.
This subelement could be used either to record the encryption details themselves (if the recordkeeping system is considered sufficiently secure), or to record the location of the encryption details which are stored outside the recordkeeping system.
It is recommended that information regarding private keys never be held within the recordkeeping system.
|