This PR adds JSON encryption/decryption to IEncryptionApi.
It adds two functions: encryptBlob and decryptBlob. Since the key to encrypt the blob is a one-use key, the return of encryptBlob will be an EncryptedBlob, which holds:
The encrypted data.
The key used to encrypt (also encrypted).
The iv used in the process.
Also, this EncryptedBlob will be used as an input parameter for decryptBlob, which needs to decrypt the key first, and then, using that key and the iv, it can decrypt the data.
Changes
Adds JSON encryption/decryption to LocalEncryptionApiService using NodeJS crypto module exclusively.
Adds JSON encryption/decryption to AwsEncryptionApiService using NodeJS crypto module and AWS KMS to generate and decrypt individual DEKs (Data Encryption Keys) that are used for a specific data payload.
Summary
This PR adds JSON encryption/decryption to
IEncryptionApi.It adds two functions:
encryptBlobanddecryptBlob. Since the key to encrypt the blob is a one-use key, the return ofencryptBlobwill be anEncryptedBlob, which holds:ivused in the process.Also, this
EncryptedBlobwill be used as an input parameter fordecryptBlob, which needs to decrypt the key first, and then, using that key and theiv, it can decrypt the data.Changes
LocalEncryptionApiServiceusing NodeJScryptomodule exclusively.AwsEncryptionApiServiceusing NodeJScryptomodule and AWS KMS to generate and decrypt individual DEKs (Data Encryption Keys) that are used for a specific data payload.