CADLock® Online
Data Security Solutions for CAD Users
Home Downloads Newsroom Products Support
CADLock, Inc.

CADVault FAQ

General

Authorization

Operation

Technical

Security

Miscellaneous

General

What is CADVault?

CADVault is a digital rights management application that runs inside AutoCAD. With CADVault, you can secure selected parts of an AutoCAD drawing file so that other people are given restricted access to the file's contents. In order to access the secured content, recipients of the drawing file must install the free CADVault Runtime.

How much does CADVault cost?

Prices for CADVault vary by region, so check here for exact prices. Most customers prefer to download the software from our web site, however we offer physical media for an additional charge. An unlimited site license costs approximately 5 times as much as a single user license, so site licenses are an attractive option for multiple user environments. Note that CADVault Runtime for downstream users of secured content is free to download, and may be freely distributed.

Where can I buy CADVault?

You can purchase your CADVault license from our online store and be using the software within minutes. If you prefer to pay in local currency or if you prefer to deal with a local reseller, you may check here to find a local reseller in your region. Simply download CADVault from our web site, then install it and start the authorization wizard (CADVAULTAUTHORIZE command) inside AutoCAD to create and install your license certificate.

Is there an evaluation version of CADVault?

Yes, you can simply download the software and install it. CADVault will run in fully functional evaluation mode until you purchase and install a license. Secured content created while CADVault is running in evaluation mode looks and acts just like the real thing, except it is not really secure because it can be unlocked by anybody. The same installation used for evaluation purposes may be converted by simply purchasing and installing a license.

Authorization

How does authorization work?

The process of authorizing an existing CADVault installation involves creating a private master key, then sending a license request with your registration data (including the product code we supply when you purchase a license) to CADLock, Inc., then installing the license certificate that we return in response to the license request. If your computer has internet access, this can all be done automatically within minutes. If your computer does not have an internet connection, the license request may also be sent to us via email from another computer or delivered to your local reseller via other means.

If you purchased a CADVault site license, you only need to go through the authorization process on one computer. The license certificate for that computer may then be exported to a file and installed on the other computers by reading it from the file. The process of pushing the license to other computers on your company intranet can also be automated by copying CADVault keys from the Windows registry, which include the license certificate.

Single user licenses may be used by only one person at a time. The license certificate may be transferred to another computer by exporting it to a file in the authorization wizard, then importing it from the file on the second computer. Single user licenses may be installed on more than one computer at the same time, so long as both installations are used by the same person.

Does CADVault use copy protection?

Yes, but not with technical means. To authorize CADVault after installation, you must obtain a license certificate from CADLock, Inc. There is no technical means preventing the license certificate from being exported and used on another computer. However, since your license certificate is uniquely associated with your private master key, providing it to others is like sharing your master key. Likewise, if you use a stolen license certificate, the original master key for that license will open all secured content that you create.

In addition to the practical reasons not to misuse CADVault software licenses, we expect and trust our customers to adhere to our license agreement for legal and ethical reasons. To protect our rights, we will investigate and prosecute infringers if we receive information about unauthorized usage.

Operation

What can I do with CADVault?

With CADVault you can restrict how others can use selected parts of your drawing. You can specify different sets of permissions, called roles, depending on who opens the drawing. You can also require recipients to agree to a usage agreement before their access is enabled. Since CADVault only secures the parts of the drawing that you select, recipients can still add new elements or modify the parts of the drawing that are not secured. For example, you can:

How can I improve performance in drawings with large vault objects?

The best strategy for keeping secured drawings performing efficiently is to only secure the parts of the drawing that need to be secured, and leave everything else unsecured. In addition, it may be more efficient to create several smaller vaults instead of a single complex vault. You could separate geometry by region (e.g. put each mechanical part or each building segment into a separate vault), or by logical function (e.g. separate by layers).

If you use running object snaps in an AutoCAD command and hover over a vault object that contains many entities, you may experience a delay as AutoCAD searches for object snap points inside the vault. This can result in the cursor appearing 'sticky' when moving it over a vault. Autodesk improved object snap performance starting with AutoCAD 2005, so this problem is much more noticeable in earlier versions of AutoCAD.

There are several strategies you can use to combat this issue:

Someone exploded my vault. How is this possible?

Recipients cannot literally explode the contents of a secured vault object unless you give them 'Owner' permission. What they can explode is the proxy graphics that AutoCAD displays when opening a secured drawing on a system that does not have CADVault Runtime installed.

Proxy graphics are graphics primitives that represent the visual parts of the vault content; the underlying "intelligence" of the original content is not included. When creating a vault, you can choose what proxy graphics should be displayed when the vault is shown as a proxy object in AutoCAD, including an option to display 'Actual' proxy graphics.

If exploding proxy graphics is acceptable, you may choose "Actual" proxy graphics as a courtesy to recipients, so they can still see and plot the vault without having to install the free CADVault Runtime software. This is essentially no different than sending a PDF or DWF file, which can also be imported back into AutoCAD as graphics primitives. If exploding proxy graphics is not acceptable, you must choose one of the other proxy graphics options, thus forcing recipients to install the secure runtime software.

I don't see my vault. Where is it?

If you can't find a vault, try to zoom to extents to see if the vault appears. The vault graphics may not be where you expect, especially if viewing is prohibited.

There are situations in which you can end up with a vault not displaying anything at all: when a vault with Blank proxy graphics is displayed as a proxy object; or when proxy graphics are disabled in AutoCAD and a vault is displayed as a proxy object; or when your current permit does not allow viewing of a vault with Blank proxy graphics. In all other cases the vault will display something: either actual vault graphics, the vault name as text, or the "CADVault Secured Objects" graphic.

How can I stop all those dialogs when I open a locked drawing?

Normally the Open Vault wizard is displayed once for every vault in a drawing, to ensure that you have an opportunity to enable the desired roles for each vault. Pressing the wizard's [Next] button continues opening the drawing. If another vault is encountered, the wizard is displayed again.

To prevent the wizard from displaying for every vault in a drawing, enter any needed credentials the first time that the wizard is displayed, then press [Open >>] instead of [Next]. This will dismiss the wizard and use cached credentials for any remaining vaults in the drawing file that is being opened. To disable the wizard completely, right-click on the CADVault system tray icon and uncheck the "Show Runtime Wizard" option.

If you are creating secured drawing files that contain multiple vault entities, you can create vaults that do not require separate credentials for each vault. Each role that you define includes key rules, including an option called "Key may be cached", and an option to "Allow auto binding". If the user enters credentials for a vault, those credentials will be saved in a temporary cache if "Key may be cached" is enabled. If "Allow auto binding" is enabled, CADVault will automatically use the cached credentials without prompting the user for credentials. By defining roles and vaults carefully, you can minimize the number of prompts when opening your secured files.

Can I batch process multiple drawing files at once?

CADVault does not include any built in batch processing capabilities, however there are many batch processing tools available for AutoCAD. One such tool is ScriptPro, a free tool from Autodesk that is included with the Autodesk Customization Conversion Tools component of the AutoCAD Migration Tools.

To batch processing multiple drawings, you must first automate the process of securing a single drawing. CADVault includes an ActiveX automation interface that can be used for this purpose. The ActiveX interface in CADVault is not officially documented or supported, however the "CADLock\CADVault\Samples" folder includes several sample files that demonstrate its use via AutoLISP and VBA.

If you set up your CADVault options with all default roles properly defined and listed, securing an entire drawing is as simple as loading the AutoLockAll.lsp sample file and running the CADVAULTAUTO command or the (C:CADVAULTAUTO) lisp function. The CADVAULTAUTO command saves a copy of the secured drawing in a a subfolder named "Locked" so that the source drawing remains unchanged. Depending on the complexity of your drawings and other factors that may affect your requirements, you may need to implement some additional logic into the code. For example, it is often desirable to purge block definitions once they are no longer needed outside a vault. In any case, once the function is working for a single drawing, you can use a batch processing utility to execute it on multiple drawings files.

Technical

Does CADVault use DWG files?

Yes. Unlike our older CADLock SE product, CADVault does not use a special file format. Instead, the drawing elements you want to protect are stored in secure vault objects inside AutoCAD DWG files. This means that if you are contractually obligated to provide DWG files, you can use CADVault to do so while still retaining control over the content in those files. Note, however, that recipients of your drawing files must install the free CADVault Runtime in order to fully access their secured content.

What is a vault object?

A CADVault "vault object", sometimes referred to as a "CADVault", is an AutoCAD entity that securely stores and exposes selected content inside your DWG file. In most respects a vault object is like a physical vault: once the vault is locked, a key is required to access its contents.

In AutoCAD terms, a vault object is a custom object that behaves very much like a block consisting of a selection set of drawing entities. Like an AutoCAD block reference, the vault object can be moved or copied as a single entity. If you created the vault, you can even explode it like a block. Unlike a block, however, other people cannot access, view, move, or explode a vault object unless they have explicit permission to do so. By default, a vault object is only accessible to its owner or creator.

Since a CADVault vault is a custom AutoCAD object type, recipients of your drawing need a small application called an object enabler to make vault objects functional. Without the object enabler installed, a vault is still completely secure, but it becomes an AutoCAD proxy object that displays only proxy graphics that you select when the vault is created. The object enabler component needed to fully utilize vault objects is called CADVault Runtime.

Security

Doesn't AutoCAD 2004 and later already include password protection?

Yes, but it is not very useful.

In AutoCAD 2004 and later versions of AutoCAD, users are able to encrypt drawings with a password. Once a drawing is encrypted, the password is required in order to open it again. If an encrypted drawing is sent to a third party, the password must be sent also. If the password is known, the encrypted drawing can be opened with no restrictions on usage, including removing the password. If you donít trust the person to whom you are sending the drawing, or you donít know how securely they will retain control of your drawings, this is no protection at all. Even worse, if you encrypt your drawing and forget the password, the drawing cannot be recovered, even by Autodesk.

A secure drawing file created by CADVault retains its programmed access restrictions no matter what happens to it. Such a file is designed to be distributed beyond the originator's organization to untrusted third parties. With CADVault, your security is programmed into the file format, and it follows the file no matter where it goes. Furthermore, all vaults created with your CADVault license include a "Master" role that can be unlocked with your own private master key.

What about digital signatures in AutoCAD 2004 and later?

In AutoCAD 2004 and later versions of AutoCAD you can digitally sign a drawing file. AutoCAD will check any signed drawing while loading and notify the user if the drawing has been modified since it was signed. This feature is useful for verifying that a drawing has not been modified, but it does nothing to prevent modifications.

CADVault not only monitors modifications, it can disallow them. In addition, CADVault provides a less granular digital signature mechanism, allowing selected parts of a drawing to be signed, and even allowing multiple digital signatures.

Owen Wengerd has written an essay about the use of digital signatures in the CAD industry. The essay is archived here (http://www.manusoft.com/Resources/DigitalSig/index.stm) if you want to read more.

What if I forget a password?

There is no way to recover a lost password for vault usage roles that require a password. If you cannot remember the password, you will need to redefine the usage role with a new password and recreate the vault. If you no longer have the unsecured source drawing, you can use your master key to acquire 'Owner' permissions for the existing vault, then extract its contents and recreate the vault.

What if an employee maliciously secures some drawings?

Every vault object contains a "Master" role that can be unlocked with a master key that the license owner creates as part of the authorization process. If you follow our instructions during the authorization process, you will have this master key stored in a secure location. Simply use this key to unlock the maliciously secured drawings.

Why isn't there a permission to prevent users from erasing a vault?

In addition to your vault object, there may be other drawing elements in your file. The AutoCAD WBLOCK command can be used to export all objects except the vault to a new file. The result is no different than erasing the vault and saving the drawing. Therefore, it is pointless to prevent vault objects from being erased, as the same end result can be achieved easily using other means.

How can I lock a layer?

Layers are not containers of objects, they are only properties of objects. For the same reason that it doesn't make sense to lock a color or a linetype, it also doesn't make sense to lock a layer. However, you can lock all objects on a layer, which is probably what you meant.

When creating a vault with the wizard, you can select the Advanced mode, then use the layer filter page to select only objects on one or more layers. The resulting vault will contain only objects on the selected layers. If you created a deep vault, and nothing else in the drawing references the layers, they can be purged (with the PURGE command) from the host drawing after the vault is created.

Miscellaneous

I didn't find my question. Now what?

Contact your local reseller or try the CADLock Discussion Groups as described on the Support page.

If you still have a question, email us and we'll do our best to help.


Copyright © 2015 CADLock, Inc. All rights reserved. Privacy policy Search this site Trademarks About CADLock, Inc.