Skip to main content

Working with Access Control Lists

When using Pi Soft for key management, data is encrypted using a cryptographic key, the key is then encrypted, and finally the link between the data and the key is encrypted. The encrypted link is essentially a hidden link and is called a T-tag, and it has an associated access control list (ACL), which dictates when and by whom the data can be decrypted.

The user who encrypts a data is the owner of the data and its associated ACL. As a result, the data's owner controls access to the data.

All access control information is managed using the TEACLInfo and TEACLEntry classes.

A TEACLInfo defines an access control list associated with a specific T-tag, and may contain numerous TEACEntry objects. Each TEACLEntry object defines a user who has access rights to the T-tag.

The code samples listed below illustrate ACL management tasks related to TEACLInfo and TEACLEntry objects. Because TEACLInfo objects are created automatically during encryption, they cannot explicitly be added to or removed.