Password bank

The Password Bank is a password repository used to decrypt certain password-protected files during inventory, discovery and basic and native imaging. By creating a password bank, you can have Relativity run passwords against each encrypted document until it finds a match. Likewise, when you run an imaging job, mass image, or use image-on-the-fly, the list of passwords specified in the bank accompanies that job so that encrypted files are imaged in that job.

The password bank potentially reduces the number of errors in each job and eliminates the need to address password errors outside of Relativity.

Note: You can locate the Password Bank tab under both the Imaging and the Processing applications, if both are installed.

This page contains the following information:

Password bank in processing workflow

The following graphic and accompanying steps depict how a password bank typically fits into the processing cycle.

(Click to expand)

Password bank in processing diagram

  1. You create a password bank that includes a list of passwords that correspond with the files you intend to process.
  2. You create a processing set and add to it data sources that contain the encrypted documents.
  3. You start inventory and/or discovery on the files in the data sources attached to your processing set.
  4. All passwords you supplied to the password bank become synced via an agent and accompany the job as it goes to the processing engine.
  5. The processing engine discovers the files in the processing set and refers to the password provided in the password bank. It then sends the discovered files back to Relativity so that you can prepare to publish them and view discovery reports.
  6. You publish the discovered files in the processing set.
  7. The document is decrypted and its text and metadata extracted.
  8. The published document is available for review in the workspace, along with all the other previously-encrypted documents whose passwords you provided.

The following scenario depicts the basic procedure by which you'd address errors due to password-protected files in a processing set. In this scenario, you would:

  1. Run publish on your discovered files.
  2. Go to the Errors tab after publish is complete and locate all errors resulting from password protection.
  3. Outside of Relativity, locate the passwords designated to unlock those files.
  4. Return to Relativity, go to the Password Bank, and create entries for every password that corresponds with the errored files.
  5. Run retry on the files that previously resulted in password-protection errors.

Creating or deleting a Password Bank entry

Note: There is no limit on the number of passwords you can add to the password bank; however, having more than 100 passwords could degrade the performance of your processing and imaging jobs.

To create a new entry in the bank:

  1. Click Processing, and click the Password Bank tab.
  2. Click New on the Password Entry category.
  3. Complete the fields on the Password Entry Layout. See Fields for more information.
  4. Click Save. The entry appears among the others under the Password Entry object.

To delete a password, select the check box next to its name and click Delete on the Password Entry object.

Note: When you create a password entry and submit any job that syncs with the processing engine (imaging or processing), an entry is created in the engine for that password and that workspace. Even if you delete that password entry from the password bank, any future jobs will continue to try that password.

Fields

The Password Bank layout contains the following fields:

New password bank entry

  • Type - the type of password entry you're creating. The options are:
    • Passwords - any file that you want to decrypt that is not grouped with the two other types of Lotus Notes or Email encryption certificate. When you select this type, you must enter at least one password in the Passwords field in order to save.
      • Although you're able to process EnCase Logical Evidence files, the password bank doesn't support password-protected Encase files.
      • The password bank doesn't support Microsoft OneNote files.
      • For imaging jobs, this is the only relevant option for a password entry.
      • For imaging and processing jobs, a slipsheet is not created automatically for documents that are password-protected. However, you can create an image outside of Relativity and use the password-protected document's control number as the image key to then load the image into Relativity through the RDC and have it display as the image for that encrypted document.
    • Lotus Notes - any file generated by Lotus Notes software. When you select this type:
      • You must upload a file with an extension of User.ID in the Upload file field.
      • Even though the Password(s) field doesn't display as being required, you must enter passwords for all encrypted Lotus Notes files if you want to decrypt them during the processing job. This is because Lotus Notes files require a matching password and file.
      • If processing is installed, you can associate a custodian with the Lotus files you upload. To do this, select a custodian from the Custodians field, which appears on the layout only when you select Lotus Notes as the type. Doing this syncs the password bank/custodian with the processing engine, which can then access partially encrypted Lotus Notes files. Passwords associated with a custodian have a higher priority.
      • For encrypted Lotus documents, Relativity only supports user.id files whose public key size is 630 bits.
    • Email encryption certificate - files protected by various encryption software certificates.
      • Even though the Password(s) field doesn't display as being required, you must enter passwords for all email encryption certificates if you want to decrypt them during the processing job.
      • When you select this type, you must upload one PFX or P12 file in the Upload file field.
      • You can only upload one file per email encryption entry.
    • AD1 Encryption Certificate - AD1 files protected by an encryption software certificate.
      • Even though the Password(s) field doesn't display as being required, you must enter passwords for all AD1 encryption certificates if you want to decrypt them during the processing job.
      • When you select this type, you must upload one .PFX, .P12, .PEM, or .KEY file in the Upload file field. You'll receive an error if you attempt to upload any other file type.
      • You can only upload one file per email encryption entry.
  • Description - a description of the entry you are adding to the bank. This helps you differentiate between other entry types.
  • Password(s) - the one or more passwords you are specifying for the type you selected. If you select Passwords as the file type, you must add at least one password here in order to save. You can also add values here if you are uploading certificates that don't have passwords. Separate passwords with a carriage return. If you enter two passwords on the same line, the password bank interprets the value as a single password. See Example password.
    • Unicode passwords for ZIP files aren't supported.
    • Relativity bypasses passwords on PST and OST files automatically during file discovery; thus, passwords aren't required for these files to get discovered.
  • Upload file - the accompanying file you're required to upload for either the Lotus Notes or Email encryption certificate types. If uploading for Lotus Notes, the file extension must be User.ID with no exceptions. The file types eligible for upload for the Email encryption certificate type are PFX and P12.

Note: If you save a Powerpoint or Excel document in pre-2007 format (e.g., .PPT or .XLS) and the document is read-only, we use the default known password to decrypt the document, regardless of whether or not the password exists in the Password Bank.

Example password

When supplying passwords to the password bank, if you enter:

password@1

bookmark@56

123456

the password bank recognizes three passwords.

If you enter:

password@1

bookmark@56, 123456

the password bank only recognizes two passwords.

Validations, errors, and exceptions

Note the following:

  • Including a password that doesn't belong to a document in your data set doesn't throw an error or affect the process.
  • A password can unlock multiple files. If you provide the password for a Lotus Notes file that also happens to correspond to a Word file, the password unlocks both files.
  • If you delete a password bank entry after submitting a processing or imaging job, you can still complete those jobs.

You may encounter an exception called Word template files while using the password bank. In this case,the password bank can't unlock an encrypted Word file that was created based on an encrypted Word template where the Word file password is different than the template password, regardless of whether both passwords are in the password bank.

You can resolve password bank errors by supplying the correct password to the bank and then retrying those errors in their respective processing or imaging jobs.

Note: When you supply a valid password to the password bank, the processing engine extracts metadata and extracted text from the document that the password unlocks. However, when you publish that document, its password security isn't removed, in which case it technically remains in an encrypted state even after it's published to the workspace. However, you can view the still-encrypted document in the viewer, because the viewer will recognize that a valid password has been supplied. If the Password Protected field indicates that a document has been decrypted, that designation only refers to the fact that you provided a valid password for it to the password bank for the purposes of processing.

Viewing audits

Every time you send a Password Bank to the processing engine, Relativity adds an audit. The Password Bank object's audit history includes the standard Relativity audit actions of update and run, as well as a list of all passwords associated with a discovery job at run time.

To view the passwords sent to the processing engine during a job:

  1. Click the Processing tab, and then click Password Bank.
  2. Click View Audit on the Password Bank layout.
  3. Click Details on the Password Bank history layout.

  4. Refer to the Value field on the audit details window. Any properties not set on the password bank entry are not listed in the audit.