Open b4bhadresh2020 opened 3 years ago
What kind of encryption is being used here? Is it symmetric or asymmetric? How is the encryption key configured? Ideally, the key is runtime configurable. I will dig deeper into the implementation, but we need good documentation around this encryption scheme.
We'll also need a strategy for rotating/revoking the key @wbvtler in the event it leaks or is compromised. This is somewhat complex as the old DB columns will still be encrypted with the old secret. So, this will require a utility that accepts the old key and updates the fields with the new key. I've written this before; it would be best to reuse the same ORM or schema tooling as the app.
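The re-encryption utility described in the comment above, as an added example that is not part of the project's code: it walks the stored rows, decrypts each protected column under the old KMS key id, re-encrypts under the new one, and only commits a row once every column round-trips. `FakeKmsClient` is a hypothetical offline stand-in that mimics the `encrypt()`/`decrypt()` call shape of a boto3 KMS client for an asymmetric (RSAES_OAEP_SHA_256) key; the row dicts, column names and key aliases are constructed for the demo.

```python
import os


class FakeKmsClient:
    """Hypothetical offline stand-in for boto3's KMS client (asymmetric key).

    Key material never leaves 'KMS': callers hold only ciphertext and a KeyId,
    exactly as with a real CMK. Ciphertext is tagged with the key id so that a
    decrypt under the wrong key fails the way KMS's IncorrectKeyException would.
    """

    def __init__(self):
        self._store = {}  # (key_id, token) -> plaintext bytes

    def encrypt(self, KeyId, Plaintext, EncryptionAlgorithm="RSAES_OAEP_SHA_256"):
        token = os.urandom(16)
        self._store[(KeyId, token)] = bytes(Plaintext)
        return {"CiphertextBlob": KeyId.encode() + b":" + token, "KeyId": KeyId}

    def decrypt(self, CiphertextBlob, KeyId, EncryptionAlgorithm="RSAES_OAEP_SHA_256"):
        used_key, token = CiphertextBlob.split(b":", 1)
        if used_key.decode() != KeyId or (KeyId, token) not in self._store:
            raise ValueError("IncorrectKeyException: blob was not produced under KeyId")
        return {"Plaintext": self._store[(KeyId, token)], "KeyId": KeyId}


def rotate_rows(kms, rows, old_key_id, new_key_id, columns=("user_ssn", "user_key")):
    """Re-encrypt `columns` of each row from old_key_id to new_key_id.

    `rows` is a list of dicts standing in for ORM records. A row is updated in
    place only after every column decrypts under the old key, re-encrypts, and
    verifiably decrypts under the new key, so a failure (e.g. a row already on
    the new key, or a tampered blob) leaves that row untouched rather than
    half-migrated. Returns (updated_count, [(user_id, reason), ...]).
    """
    updated, failed = 0, []
    for row in rows:
        try:
            fresh = {}
            for col in columns:
                pt = kms.decrypt(CiphertextBlob=row[col], KeyId=old_key_id)["Plaintext"]
                blob = kms.encrypt(KeyId=new_key_id, Plaintext=pt)["CiphertextBlob"]
                # Verify before committing: the new blob must round-trip under the new key.
                if kms.decrypt(CiphertextBlob=blob, KeyId=new_key_id)["Plaintext"] != pt:
                    raise ValueError("round-trip check failed for column %s" % col)
                fresh[col] = blob
            row.update(fresh)
            row["encrypt_key"] = new_key_id  # record which KMS key now protects the row
            updated += 1
        except Exception as exc:
            failed.append((row["user_id"], str(exc)))
    return updated, failed
```

Rows that already sit on the new key (or whose blobs no longer decrypt) are reported in the failure list instead of being silently skipped, so the operator can tell a finished migration from a broken one.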
I created the edurain_demo (5e678708-29de-47c5-b578-087e6215664e) KMS key for asymmetric encryption.
I created the edurain1 db on the AWS server.
DB_HOST=edurain1.cejgg0bagt8i.us-east-2.rds.amazonaws.com
DB_PORT=3306
DB_DATABASE=edurain
DB_USERNAME=admin
DB_PASSWORD=Edurain!123
I used the edurain_demo key to encrypt the SSN and KEY. I created a secret table in the edurain db to store the response_id and encrypt_key.
This API takes the user's SSN and key as input; I asymmetrically encrypt the SSN and key and then store them in the database.
http://localhost/App-API/public/laravel/get-user-ssn-key
Request Parameter : user_id,user_ssn,user_key,encrypt_key
Request Method : POST
The response is shown by this API:
http://localhost/App-API/public/laravel/get-user-all-answer/{fafsa_id}/{user_id}
Request Method : GET
This API takes the user's SSN and key as input; I encrypt the SSN and key and then store them in the database.
http://localhost/App-API/public/laravel/add-user-ssn-key
Request Parameter : user_id,user_ssn,user_key,encrypt_key (AMAZON KMS KEY)
Request Method : POST
The second API stores all of the user's answers in the db.
http://localhost/App-API/public/laravel/add-user-answer
Request Parameter : fafsa_id,user_id,question_id,data_boolean,data_numeric,data_text,data_date
Request Method : POST
This API is connected to the puppeteer.
http://localhost/App-API/public/laravel/get-user-all-answer/{fafsa_id}/{user_id}
Request Method : GET