Contentsquare
Hi, how can we help?
Popular help topics: CS Live, Metrics List, Request an Integration

What's New? Releases & Updates Contentsquare Growth Plan

help center results

technical documentation

Français 日本語

Articles in this section

Encryption key setup

Experience Monitoring is available as an add-on for our Pro plan and included with our Enterprise plan.

In order to protect the data from being decrypted easily by anyone, the asymmetric encryption method is used. It’s the safest method as it requires a combination of 2 keys: Public and Private key.

ⓘ This is for Experience Monitoring implementation and only Admins can execute this process. Please remember to involve your IT or Security team before setting up encryption.

Data Encryption

All data must be encrypted in order to use Controlled Exposure and/or API Troubleshooting details.

To do this, you will need to obtain a combination of encryption keys:

  • Public key: is used when we collect the data so we can encrypt it

  • Private key: is used in the Contentsquare Platform when displaying the data for decryption
ⓘ  You must generate the pair of keys, Contentsquare will never have access nor store the private key.

How to generate the key pair

Option 1: With a Google chrome script (recommended)

1. Copy the following script

function arrayBufferToString(buffer) {
    const byteArray = new Uint8Array(buffer);
    let byteString = "";
    for (let i = 0; i < byteArray.byteLength; i += 1) {
      byteString += String.fromCodePoint(byteArray[i]);
    }
    return byteString;
}

crypto.subtle.generateKey({
    name: "RSA-OAEP",
    hash: "SHA-256",
    modulusLength: 4096,
    publicExponent: new Uint8Array([1,0,1])
}, true, ["encrypt", "decrypt"]).then(
    (keysObject) => {
        crypto.subtle.exportKey("pkcs8", keysObject.privateKey).then(result => {
            const privateKey = btoa(arrayBufferToString(result));
            console.log(`Private key: `, privateKey);
        });
        crypto.subtle.exportKey("spki", keysObject.publicKey).then(result => {
            const publicKey = btoa(arrayBufferToString(result));
            console.log(`Public key: `,publicKey);
        });
   });

2. Paste the script in the Chrome console

3. Press enter on the keyboard 

Option 2: With OpenSSL or OpenSSH

  • On linux/mac, you can use OpenSSL:
openssl genpkey -out mykey.pem -algorithm RSA -pkeyopt rsa_keygen_bits:4096
openssl rsa -in mykey.pem -pubout > mykey.pub

How to add a new public key

1. Click your 'profile icon', then click 'Console'.

2. Choose the account and project, then select the 'Encryption management' tab.

3. Click 'Store Public key'.

4. Paste your preferred public key.

Pasting raw OpenSSL

Your key should be pasted as a single line, with no newline characters or comments. Pasting raw OpenSSL output will have -----BEGIN / -----END headers (e.g. abdefgabdefgabdefg...) which generates newlines.

5. Click 'Store Key'.

Note that, the private key is not stored anywhere on Contentsquare. You are responsible for saving and retaining the private key. It can take up to 30 minutes before the key is activated.

How to replace a key

1. Click your 'profile icon', then click 'Console'.

2. Choose the account and project, then select the 'Encryption management' tab.

3. Click 'Replace with a new key'.

4. Enter in the new key and click 'Replace key'.

ⓘ  Replacing a key will result in the loss of previously encrypted data.