Add security

[andreabalducci]

Add a security layer for configuration dispatching.

[alkampfergit]

The proposal is

The server can handle clear text configuration if you do not care security. The server should give a web editor that permits editing the json config and using a password to encrypt the content.

Only people with the password will be able to edit and modify again the configuration.

Client will ask for encrypted configuration giving the password to the server.

Encripted config should contains an HMAC to verify the identity of the server, and verifying that the configuration is not altered.

[alkampfergit]

What to include

• [ ] Get RSA certificate from windows certificate store (computer or user)
• [ ] Store certificate in file system without password using NTFS Encryption
• [ ] Secure server certificate in Linux (how to?)
• [ ] Online editor to edit encrypted file in HTML page
• [ ] Access security to admit only some people in edit/view configs (password for each application)
• [ ] Acl user / configurations (each application can have a different password to avoid lurking configurations of other application)
• [ ] Mix encrypted / unencrypted configurations.