Does Mekorma Encrypt Electronic Signatures?
From the perspective of most implementers and users, signatures as they are imported into SQL are considered secure. However, they are not processed through an encryption algorithm so are not encrypted in the true sense-they are protected by design. Users of the system rarely if ever (and should never) have direct access to SQL tables or MS-SQL Server Management Studio. If they did, they would find blob information where the signatures reside. Blob data does not have inherent encryption but getting the data out of SQL, onto a hard drive and opened in an application like Adobe Reader takes some doing and some technical knowledge. You will most probably either need development skills or access to someone that has.
Furthermore, via the GUI/Mekorma Signature Library there is no option to export signatures – only to delete existing ones in the library.
If your organization would like even more security, you have options. We recommend you use SQL Server Transparent Data Encryption (TDE). It is a feature of SQL Server, here’s the full documentation on it, below is an excerpt on the technical detail.
TDE performs real-time I/O encryption and decryption of the data and log files. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module. TDE protects data "at rest", meaning the data and log files. It provides the ability to comply with many laws, regulations, and guidelines established in various industries. This enables software developers to encrypt data by using AES and 3DES encryption algorithms without changing existing applications.