Salesforce Uses a symmetric encryption key to encrypt the customer data that it stores. (The symmetric encryption used isAES with 256-bit keys using CBC mode, PKCS5 padding, and random initialization vector (IV).) Salesforce Shield Encryption works in this way.

1) There are three channels to enter data into One: user via desktop using a browser, two: users via mobile device or three: a system making an API call directly into Salesforce.

2) The Application servers in the salesforce data centers serve as a gateway to intercepting requests coming in determining which data elements should be encrypted or decrypted and then applying the appropriate encryption credentials.  The Data Encryption Key (which is also the decryption key) is never transmitted or even written to disk (persisted).

3) It is created/derived in the Salesforce Platform and never leaves. It is created in a component of the platform called the Key Derivation Server.  The Encryption key is derived/created from a combination of a Salesforce component and customer/tenant specific component. These are called secrets. Sometimes they are also referred to as key fragments.

4) The Encryption key in Salesforce Shield Encryption is generated from the master secret (Salesforce component) and the tenant secret (customer component) using PBKDF2 (Password-Based Key Derivation Function 2).

5) The Derived data encryption key is then securely passed to the encryption service and held in the cache of an application server.

– Salesforce Retrieve The Data Encryption Key from the cache and performs the encryption.

– To decrypt the data Salesforce Reads the encrypted data from the database and if the encryption (decryption) key is not in the cache then it needs to derive it again using the associated tenant secret, and then it decrypts using the key and the associated iv.

Salesforce Shield Encryption
Related Posts
Salesforce Jigsaw
Salesforce Jigsaw, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more

Top Ten Reasons Why Tectonic Loves the Cloud
Cloud Managed Services

The Cloud is Good for Everyone - Why Tectonic loves the cloud  You don’t need to worry about tracking licenses. Read more

What is a Salesforce Jumpstart?
Salesforce Quickstart

A Salesforce Jumpstart is a program designed to help businesses quickly and efficiently implement Salesforce, which is a powerful customer Read more

50 Advantages of Salesforce Sales Cloud
Salesforce Sales Cloud

According to the Salesforce 2017 State of Service report, 85% of executives with service oversight identify customer service as a Read more