Encryption micro-service

[rwmoore]

Given an encryption key and a choice of encryption algorithm, a micro-service is needed to apply the encryption algorithm to a specified file, and update the file size.

[jasoncoposky]

@rwmoore Is it safe to assume the file will always fit in memory?

[rwmoore]

What is the current size limit for a buffer? For now, I am willing to assume the file fits in the buffer. If necessary I can do partial I/O, fill the buffer multiple times, and encrypt each buffer separately. I would then write to a new file.

[jasoncoposky]

my understanding is that this microservice will encrypt a file at rest on a UNIX file system given a fully qualified physical path, a pass phrase and an algorithm. the way you phrased your last reply it sounds like you expect the microservice to return an encrypted buffer given a buffer?

we also can not update the size until all replicas are encrypted, which implies that the update to the size of the data object need be called from the rule after all replicas are encrypted.

[rwmoore]

The goal is to encrypt a single file at a time. The file is on a Unix file system in an iRODS vault.

It sounds like your approach is:

• find the physical path name on the vault
• Apply a remote execution command to do the encryption
• Update the file size in the metadata catalog

This is fine.

Reagan

[jasoncoposky]

The microservice will encrypt the file and write it to a new physical path which will be provided to the calling rule as an out-variable, allowing the rule to decide how to proceed.