In addition to its older encryption mechanisms which only work with certifications and that are backwards-compatible with GMS and previous versions of VSys, version 4.0 supports "advanced encryption". In VSys that means built-in support for PGP. PGP is an industry-standard mechanism that is widely supported; the technical details on how it works would fill many, many large books and is not covered here.
There are several major steps in implementing advanced encryption in VSys:
Notes on VSys Anywhere
Entering values into encrypted certifications or attachments works the same way that it does in VSys One: anyone with the appropriate permissions can enter data, but it takes a decryption key to access that data. In VSys One that's easy: when needed, the user is prompted for the decryption key. In Anywhere, that's not a viable option for numerous reasons, foremost security. As a practical matter, then, data can be encrypted in VSys Anywhere, but not viewed or reported afterward.
Reporting corollary: Even though VSys Anywhere reports are actually processed in the background by VSys One, that copy of VSys is running in a "non-interactive" mode, meaning that no one is controlling it, thus no one can be prompted for a decryption key, and therefore VSys Anywhere reports that include encrypted data will only show blanks where that data would be. Plan to access encrypted data solely from within VSys One.
Notes on Scheduled Tasks: Exports, Scripted Integration
Since these are run automatically by VSys One in a "non-interactive" mode, meaning that no one is controlling it, thus no one can be prompted for a decryption key. As with VSys Anywhere reports, attempts to access encrypted data by a scheduled task will only show blanks where that data would be.