Managing Job Encryption for InfoPrint Manager for AIX

To prevent data from being accessed, modified, or stolen, InfoPrint Manager can encrypt the files for jobs in pending, held, ripped, or retained state.

InfoPrint Manager Uses OpenSSL (https://www.openssl.org) to enable Job Encryption. To encrypt and decrypt large amounts of data, InfoPrint Manager uses symmetric encryption. Only printable job files, RIP files, submission files, and email-body files for Email DSS are encrypted.

    Note:
  • On AIX and Linux, pdpr -l copies the file instead of creating a symbolic link.
  • To have all InfoPrint Manager files encrypted, including temporary files, instead of using Job Encryption, we recommend encrypting all the partitions where InfoPrint Manager stores files: /var/pd, /var/psf, /var/psf/segments, /tmp, and swap.

When a job enters the system, it is initially saved as plain data. It is encrypted after document format sniffer and page count have been completed.

An InfoPrint Manager server encrypts a file when a job submission (pdpr) is made or a control (from Anyplace Print across namespace) is executed.

An InfoPrint Manager server decrypts a file when a job starts processing. The encrypted and the decrypted files are deleted when a job completes. If a job moves back to a pending or held state, the decrypted file is deleted.

At server startup, all decrypted files are deleted.

    Note:
  • Job Viewer also decrypts job files and deletes the decrypted files, when appropriate.

For Anyplace Print across namespaces, a move job is made. The job files are decrypted and a job is submitted. Files are encrypted again on the destination server.

To identify if Job Encryption is enabled on your InfoPrint Manager server, check the error log file for the following message:"5010-909 InfoPrint Manager started with Job Encryption enabled.", after the InfoPrint Manager server has started.