saguziel / Kryptose

A password manager

Interface for Encryption/Decryption #13

Closed jefftn closed 9 years ago

jefftn commented 9 years ago

Antonio or whoever is writing the cryptography part: since an interface does not exist yet, I'm going to write a basic interface that assumes methods for turning blobs into credential lists and vice versa. Please implement it whenever.

AMarcedone commented 9 years ago

I will just have an encryption and decryption method on the blob that return a byte array (containing raw unencrypted data). Parsing should be done by someone else: Do we just wanna have a list of credentials? Or do we wanna include a "partial" log per account (this log could not be modified even by the administrator) or some other additional information (like user preferences to be shared across clients or whatever)?

jefftn commented 9 years ago

The partial log should be added since the client should be able to audit their account.

We need to decide on the structure of the unencrypted blob file soon though, I can write the method that parses it but I need to know this. Should it be a csv or something? How about one credential per line?

AMarcedone commented 9 years ago

I think that is up to whoever is writing the client code, as the client is the only one involved with parsing and modifying that data.

My guess is that we could just serialize an arraylist of credentials + whatever other data we need. But maybe @jnshi has more experience/better thoughts...

jefftn commented 9 years ago

Yeah that would work, and somehow append on an audit log file. This could also be its own separate blob in the request class.

jnshi commented 9 years ago

Be sure to validate all external inputs.

AMarcedone commented 9 years ago

@jnshi what do you mean by that? Can you give me an example?

jnshi commented 9 years ago

http://cwe.mitre.org/data/definitions/20.html

http://cwe.mitre.org/data/definitions/502.html
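
The "serialize an arraylist of credentials" idea combined with the CWE-20 and CWE-502 pointers above, as an added example that is not part of this thread or of the Kryptose code base: parsing the decrypted byte array with a deserialization allow-list and then validating the result. It assumes Java 9 or later (`ObjectInputFilter`); the `BlobParser` and `Credential` names and the three-field layout are hypothetical.

```java
import java.io.*;
import java.util.ArrayList;

public class BlobParser {
    // Hypothetical credential record; the thread does not define one.
    static final class Credential implements Serializable {
        private static final long serialVersionUID = 1L;
        final String domain, username, password;
        Credential(String d, String u, String p) { domain = d; username = u; password = p; }
    }

    // Allow-list of classes plus size limits; every other class is rejected ("!*").
    // java.lang.Object is listed because some JDK versions check array component
    // types, and ArrayList passes its Object[] allocation through the filter.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
        "maxdepth=5;maxrefs=100000;maxarray=100000;maxbytes=10000000;"
        + "java.util.ArrayList;java.lang.String;java.lang.Object;"
        + Credential.class.getName() + ";!*");

    static ArrayList<Credential> parse(byte[] plaintext) throws IOException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(plaintext))) {
            in.setObjectInputFilter(FILTER); // must be set before the first readObject()
            Object o = in.readObject();
            if (!(o instanceof ArrayList)) throw new InvalidObjectException("blob is not a list");
            ArrayList<Credential> out = new ArrayList<>();
            for (Object e : (ArrayList<?>) o) { // CWE-20: check shape and content, not only class
                if (!(e instanceof Credential)) throw new InvalidObjectException("unexpected element");
                Credential c = (Credential) e;
                if (c.domain == null || c.username == null || c.password == null)
                    throw new InvalidObjectException("credential with missing field");
                out.add(c);
            }
            return out;
        } catch (ClassNotFoundException e) {
            throw new InvalidObjectException("unknown class in blob");
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        ArrayList<Credential> list = new ArrayList<>();
        list.add(new Credential("example.com", "alice", "constructed-sample")); // constructed data
        System.out.println(parse(serialize(list)).size() + " credential(s) parsed");
        try { // a class outside the allow-list is refused before it is instantiated
            parse(serialize(new java.util.HashMap<String, String>()));
        } catch (InvalidClassException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The filter only limits which classes may be instantiated; the blob's integrity still has to be verified before the bytes reach `parse`.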