-
Further to #775 we should explore the possibility of passing newly obtained DEKs (on the encryption path) to the decryption DEK cache. The reason being: It's quite common for a consumer application to…
-
My key cannot be loaded successfully by russh.
I guess it is because of the extra two lines.
```
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,201B66E15944C645
```
Should this type of pem …
-
Sops uses AES-GCM that is an authentication encryption mode, providing both confidentiality and integrity/authenticity of the encrypted configuration values. That is, nobody can read them and also nob…
-
Update the java sdk to support ZTDF Assertions
* creating assertions
* validating assertions
* reading assertions metadata
This support will also be added to the Golang and Javascript SDKs.
-
ampun bang react js
-
Extract a DEK or DEK fraction using a rewrap request
-
I would like a way to support a one-way encryption scheme more seamless than currently possible. Here is the scenario I'm proposing:
I have a KMS service
I have a **developer** and a **target**(…
-
`Kms` exposes a `generateDek` method. Our usage of it in the record encryption filter assumes more than what the contract currently offers:
* It assume that generated DEKs are 256 bits
* It assume…
-
> I think this is going to trigger a flood of requests. A request to the KMS for every message % parallelism produced as > we ask the KMS for a new key which will likely get the same result until a h…
-
Once we've successfully release a version of Boundary that uses the new go-kms-wrapping/extras/kms, we should add a migration that drops the deprecated DEK kms tables.