Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Tracker] Future-proof our encryption and encryption key management #785

Open
8 tasks
gkc opened this issue Nov 13, 2022 · 1 comment
Open
8 tasks

[Tracker] Future-proof our encryption and encryption key management #785

gkc opened this issue Nov 13, 2022 · 1 comment
Assignees
@gkc @jenmonroe @ScottHeth

Comments

@gkc
Copy link
Contributor

gkc commented Nov 13, 2022
edited by XavierChanth
Loading

Is your feature request related to a problem? Please describe.

  • We currently support one single type of public-private encryption keypair (RSA). We need to support ECC and likely others in the future
  • We currently encrypt symmetric keys in one way only, by using RSA asymmetric keys. We need to explicitly store some metadata about the asymmetric key that was used to encrypt the symmetric key, along with the encrypted key itself
  • We currently support one single type of symmetric key - AES-256. We need to support others.
  • We currently support one single type of encryption - AES-256 using the CTR cipher mode. We need to support others.
  • We currently support having only one public-private encryption keypair. We need to support having more than one - for migration purposes if nothing else.
  • We currently support @alice having only one single shared symmetric encryption key for sharing data with @bob, and @bob likewise having only one single shared symmetric encryption key for sharing data with @alice. We need to support each atSign sharing as many symmetric encryption keys as they like with another atSign, and choosing to encrypt data with any of those shared symmetric encryption keys they wish

Describe the solution you'd like

  • We currently support one single type of public-private encryption keypair (RSA). We need to support ECC and likely others in the future
  • We currently encrypt symmetric keys in one way only, by using RSA asymmetric keys. We need to explicitly store some metadata about the asymmetric key that was used to encrypt the symmetric key, and the specific encryption algorithm used (e.g. there are multiple different ECC algorithms and curves), along with the encrypted key itself
  • We currently support one single type of symmetric key - AES-256. We need to support others.
  • We currently support one single type of encryption - AES-256 using the CTR cipher mode. We need to support others.
  • We currently support having only one public-private encryption keypair. We need to support having more than one - for migration purposes if nothing else.
  • We currently support @alice having only one single shared symmetric encryption key for sharing data with @bob, and @bob likewise having only one single shared symmetric encryption key for sharing data with @alice. We need to support each atSign sharing as many symmetric encryption keys as they like with another atSign, and choosing to encrypt data with any of those shared symmetric encryption keys they wish

High-level tasks (please add additional tasks here!)
Preview Give feedback
@gkc gkc added enhancement New feature or request 5 SP 5 Story Points - 3 Days Medium labels Nov 13, 2022
@gkc gkc self-assigned this Nov 13, 2022
@gkc
Copy link
Contributor Author

gkc commented Nov 13, 2022
edited
Loading

High-level design drafted and reviewed during PR49

@gkc gkc removed the 5 SP 5 Story Points - 3 Days Medium label Nov 13, 2022
@gkc gkc mentioned this issue Nov 13, 2022
Closed
@gkc gkc changed the title Future-proof our key storage, symmetric key encryption / decryption, symmetric key exchange, and data encryption / decryption (Tracker) Future-proof our encryption and encryption key management Nov 13, 2022
@gkc gkc added 0 SP No SP's assigned and removed 0 SP No SP's assigned labels Nov 13, 2022
@gkc gkc removed their assignment Nov 14, 2022
@gkc gkc added 0 SP No SP's assigned Urgent Urgent labels Nov 14, 2022
@gkc gkc self-assigned this Nov 14, 2022
@ksanty ksanty added the PR50 label Nov 14, 2022
@gkc gkc mentioned this issue Nov 27, 2022
Closed
@ksanty ksanty added the PR51 label Nov 29, 2022
@gkc gkc mentioned this issue Mar 20, 2023
Closed
@ksanty ksanty added the PR52 label Dec 12, 2022
@ksanty ksanty added the PR53 label Jan 9, 2023
@gkc gkc removed Urgent Urgent PR50 PR51 PR52 PR53 enhancement New feature or request 0 SP No SP's assigned labels Feb 6, 2023
@XavierChanth XavierChanth changed the title (Tracker) Future-proof our encryption and encryption key management [Tracker] Future-proof our encryption and encryption key management Jun 14, 2023
@XavierChanth XavierChanth pinned this issue Oct 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gkc gkc

@jenmonroe jenmonroe

@ScottHeth ScottHeth

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@gkc @ksanty @jenmonroe @ScottHeth