dsietz / daas-sdk

Software Development Kit for building out systems that follow the DaaS pattern

Feature - encryption of the DaaS document data_obj attribute #10

Closed dsietz closed 4 years ago

dsietz commented 4 years ago

Research

dsietz commented 4 years ago

Need to add a feature to have the DaaS service provide a public key and certificate for the data sources to use.

dsietz commented 4 years ago

As a somewhat unrelated note, when encrypting data with a public/private key pair, it is usually recommended to:

1. Create a random symmetric key;
2. Encrypt that symmetric key with the public key;
3. Encrypt the data with the symmetric key;
4. Add the encrypted symmetric key in a header so that the receiver can know it.

This approach has two advantages:

- Increased speed since symmetric cyphers are much faster than asymmetric.
- Increased security because it leaks less information about the asymmetric key pair, so even if an attacker manages to decrypt a message, she will not be able to decrypt other messages that use the same key pair.

dsietz commented 4 years ago

This is implemented using the dsg module in the pbd crate.
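
The four steps listed in the earlier comment on public/private key encryption, as an added example that is not part of the original thread and is not the code of the dsg module in the pbd crate. It assumes the Python `cryptography` package, RSA-OAEP for wrapping the key, AES-256-GCM for the data, and a hypothetical length-prefixed JSON header; `new_keypair`, `seal` and `open_sealed` are names made up here.

```python
import json
import os
from base64 import b64decode, b64encode

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed algorithm choices; the thread itself names none.
ALG, ENC = "RSA-OAEP-256", "A256GCM"
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def new_keypair():
    """Receiver-side RSA key; only its public half goes to data sources."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def seal(public_key, data_obj: bytes) -> bytes:
    key = AESGCM.generate_key(bit_length=256)           # step 1: fresh key per message
    wrapped = public_key.encrypt(key, OAEP)             # step 2: wrap it with the public key
    nonce = os.urandom(12)
    header = json.dumps({"alg": ALG, "enc": ENC,
                         "ek": b64encode(wrapped).decode(),
                         "nonce": b64encode(nonce).decode()},
                        sort_keys=True).encode()
    # step 3: encrypt the data; the header is bound in as associated data
    ciphertext = AESGCM(key).encrypt(nonce, data_obj, header)
    # step 4: ship the wrapped key in a header ahead of the ciphertext
    return len(header).to_bytes(4, "big") + header + ciphertext


def open_sealed(private_key, blob: bytes) -> bytes:
    if len(blob) < 4:
        raise ValueError("missing header length")
    hlen = int.from_bytes(blob[:4], "big")
    header, ciphertext = blob[4:4 + hlen], blob[4 + hlen:]
    if len(header) != hlen:
        raise ValueError("truncated header")
    fields = json.loads(header)
    # Refuse anything but the expected algorithms instead of trusting the header.
    if (fields.get("alg"), fields.get("enc")) != (ALG, ENC):
        raise ValueError("unsupported algorithms")
    key = private_key.decrypt(b64decode(fields["ek"]), OAEP)
    # Raises cryptography.exceptions.InvalidTag if header or ciphertext was altered.
    return AESGCM(key).decrypt(b64decode(fields["nonce"]), ciphertext, header)
```

Because every call to `seal` draws a new symmetric key and nonce, two envelopes of the same `data_obj` differ, and the authentication tag rejects any modified envelope before plaintext is returned.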