[sda-download] Implement header switch/re-encryption/deencryption

neicnordic / sensitive-data-archive

https://neic-sda.readthedocs.io

GNU Affero General Public License v3.0

3 stars 7 forks source link

[sda-download] Implement header switch/re-encryption/deencryption #366

Closed teemukataja closed 8 months ago

teemukataja commented 3 years ago

If a user sends a public key, re-encrypt the data related params:

        - name: Public-Key
          in: header
          description: Public Encryption key
          required: false
          schema:
            type: string
        - name: destinationFormat
          in: query
          description: destinationFormat
          required: false
          schema:
            type: string
            default: plain | crypt4gh

Also take a look at https://github.com/neicnordic/sda-download/blob/0aa5af3ce690a610c5c2b369dd9d0ef8d58468d7/internal/database/database.go#L173-L178

blankdots commented 3 years ago

related to neicnordic/sda-download#4 ?

blankdots commented 2 years ago

a vault service that re-encrypts the header would work nicely here.

pontus commented 1 year ago

There is a strong use case for having reencryption/header rewriting/decryption as (at least one) separate microservice(s) as we strongly prefer to not have private key that can decrypt the entire archive within a process that is exposed to end users.

pontus commented 1 year ago

Interface needs to be defined.

blankdots commented 8 months ago

relates with #667 and #364

blankdots commented 8 months ago

done with https://github.com/neicnordic/sensitive-data-archive/pull/668