Re-Request PreVeil Key Shards for Data Export

Owned by Chris Veneto
Last updated: Jun 03, 2024 by Phil Rodrigues
3 min read

Product

Full PreVeil

Symptom

When performing a Data Export, the folder for the completed export is missing data.

Cause

When an administrator of a PreVeil organization assigns an approval group to the Data Export activity, a submit shards request is sent to users of the organization. Each user’s account sends shards of their decryption keys, wrapped with approver’s encryption key, for each approver in the Data Export Approval Group. User accounts have 4 weeks to respond to this request, and if a user’s account does not fulfill that request within that timeframe, the request will expire and a Data Export request for that user will not contain any data.

Note: The user does not need to manually respond to this request; the computer where they have access to their PreVeil account just needs to be online with PreVeil running within that 4 week period to present the key to the Approval Group.

Resolution

With the 4.18.0 build of PreVeil, we have added functionality for an administrator to re-request shards for the Data Export Approval Group from the users of the organization. A PreVeil administrator can trigger the submit_shards_to_export request. The members of the Data Export Approval Group will need to approve the request, and once approved, the request is sent to the users in the organization that have missing shards.

Steps to trigger submit_shards_to_export request:

  • On the affected user’s device, make sure the PreVeil services are running.

  • On the administrator’s computer, open a Command Prompt window (if on Windows) or a Terminal window (if on Mac).

  • Make sure that the curl command is available on that computer.

  • In either Command Prompt (Windows) or Terminal (Mac) type curl and hit Enter.

  • If curl is installed, you will receive a reply of curl: try ‘curl --help’ for more information

  • Enter the following command to trigger the request to resubmit the shards. (Note: replace the <admin user id> section with the email address of the administrator’s PreVeil account email address.):

    • For Windows: curl -H "Content-Type: application/json" -X POST http://127.0.0.1:4002/users/<admin user id>/get_shards_retry

      • If cURL is not recognized as a command, try using PowerShell:
        Invoke-RestMethod -Uri '<http://127.0.0.1:4002/users/<admin> user id>/get_shards_retry' -Method Post -Headers @{'Content-Type' = 'application/json'}

    • For Mac: curl -H 'Content-Type: application/json' -X POST http://127.0.0.1:4002/users/<admin user id>/get_shards_retry

  • If the request is successful you will receive a response of {"status": "OK"}

  • This will trigger a request that needs to be approved by the members of the Data Export Approval Group.

 

  • Click on the request to open it, and click on the Approve button to approve it.

  • You will receive confirmation that the request has been successfully approved.

  • Once approved by the members of the Data Export Approval Group, a new request for shards will be sent to the users of your organization whose shards were missing initially. This request will expire after 7 days if not fulfilled by the users' accounts, so please ensure that the PreVeil services are running on those users' devices so that the request can be completed successfully.