Closed dsietz closed 4 years ago
need to add a feature to have the DaaS service provide a public key and certificate for the data sources to use
As a somewhat unrelated note, when encrypting data with a public/private key pair, it is usually recommended to:
Create a random symmetric key;
Encrypt that symmetric key with the public key;
Encrypt the data with the symmetric key;
Add the encrypted symmetric key in a header so that the receiver can know it.
This approach has two advantages:
Increased speed since symmetric cyphers are much faster than asymmetric.
Increased security because it leaks less information about the asymmetric key pair, so even if an attacker manages to decrypt a message, she will not be able to decrypt other messages that use the same key pair.
This is implemented using the dsg module in the pbd crate.
Research