Open sergei-maertens opened 1 year ago
Extra info for case observed:
openforms.submissions.views.ResumeFormMixin needs to store the non-hashed value back into the field instead of keeping the hashed value from suspension.
A fix in the submission resume is applied everywhere, putting this back in the backlog to change hashing to encryption.
Current thinking is to toggle between two modes: encrypted data (for non-finalized submissions) and hashing (for finalized submissions).
Constraints for encryption:

- (.env ...) keeps track of key ID (unique) and private key to use. This requires a management command to be able to rotate keys when new keys are deployed (decrypt with old key, re-encrypt with new key).
- AuthAttribute.objects.filter(value__in=[encrypted_permutations]) query. If multiple BSNs need to be queried at the same time, this requires a Python-level check too which checks against the decrypted database value (see first bullet).
- attribut_hashed boolean field value.

Resources:
(taken from https://github.com/open-formulieren/open-forms/issues/2775#issuecomment-1478075565)
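Added sketch (not Open Forms code) of the toggle, key-ID tracking, rotation and Python-side lookup discussed in the comment above; the in-memory keyring, the `hashed` record field and the stdlib HMAC-based cipher are assumptions standing in for real configuration, the attribut_hashed column and an AEAD.

```python
import hashlib
import hmac
import os

# Constructed keyring: key ID -> 32-byte key; a deployment would load this from .env.
KEYRING = {"k1": b"\x01" * 32, "k2": b"\x02" * 32}
CURRENT_KEY_ID = "k2"  # newest key; older IDs stay only to decrypt existing rows

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stdlib-only stream cipher (stand-in for an AEAD)."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return out[:length]

def encrypt(value: str, key_id: str = CURRENT_KEY_ID) -> str:
    """Return 'key_id$nonce$ct$tag' so each row records which key encrypted it."""
    key, nonce = KEYRING[key_id], os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(value.encode(), _keystream(key, nonce, len(value))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return "$".join([key_id, nonce.hex(), ct.hex(), tag.hex()])

def decrypt(token: str) -> str:
    key_id, nonce_hex, ct_hex, tag_hex = token.split("$")
    key, nonce, ct = KEYRING[key_id], bytes.fromhex(nonce_hex), bytes.fromhex(ct_hex)
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(tag_hex)):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()

def store(value: str, finalized: bool) -> dict:
    """The proposed toggle: one-way hash once finalized, reversible encryption before that.
    'hashed' stands in for the issue's attribut_hashed boolean field."""
    if finalized:
        return {"hashed": True, "value": hashlib.sha256(value.encode()).hexdigest()}
    return {"hashed": False, "value": encrypt(value)}

def rotate(records: list, new_key_id: str) -> int:
    """Management-command logic: decrypt with the old key, re-encrypt with the new one."""
    rotated = 0
    for rec in records:
        if not rec["hashed"] and not rec["value"].startswith(new_key_id + "$"):
            rec["value"] = encrypt(decrypt(rec["value"]), new_key_id)
            rotated += 1
    return rotated

def find_by_bsns(records: list, bsns: set) -> list:
    """Random nonces make value__in lookups impossible, so match in Python after decrypting."""
    return [r for r in records if not r["hashed"] and decrypt(r["value"]) in bsns]
```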
This is currently not planned, removing milestone.
Currently we hash sensitive data like BSNs when a submission is deemed finished processing (which can be when it has failed the maximum number of times during registration).
This breaks additional attempts where manual retries are performed, but now we can't include this data anymore for registration backends.
A better approach would be encrypting this data so that we can decrypt it for additional attempts while storing it in a secure manner. As a band-aid, we can skip the hashing for failed registrations.