strong data security - Githubissues

richardschneider / yappy

Yet another REST API server howling at the moon with JSON

MIT License

2 stars 0 forks source link

strong data security #121

Closed richardschneider closed 8 years ago

richardschneider commented 8 years ago

Use a strong encryption algorithm like AES. Should we add the algorithm name and key id to the value?

See #111 for more background info.

richardschneider commented 8 years ago

http://lollyrock.com/articles/nodejs-encryption/

richardschneider commented 8 years ago

An encrypted value

should start with the Privacy Message \u009e
should then have the key id followed by .
should then have the algorithm number followed by .
should end with the base64 encoding of the cipher text

Note: for aes-256-gcm the IV and authTag follow the algorithm number.

richardschneider commented 8 years ago

A security module safeguards and manages digital keys for strong authentication and provides crypto-processing.

richardschneider commented 8 years ago

Need a key management system #114 before this is really done. Currently the key is baked into software. But we can close for now, because KMS will fix this.