As part of the encryption of certain private values (#8), we will need a way to store the private keys. The private keys should be clearly labeled with the waczCID for which they are associated, and should be retrievable as such.
Use case
As an external researcher, I connect my UWAZI instance to Starling's Hyperbee gateway and get metadata for a particular file. When the metadata is displayed, I see that some of it has been encrypted. There is a place in the UI for me to put in an encryption key and decrypt the information. Out of band, I contact Starling about decrypting the information for a particular file and they send me the decryption key, which I can enter in my UI.
Methods
We likely need a key-value store where the key is the waczCID and the value is the private key. Hypercores can be encrypted so creating a separate, encrypted Hyperbee instance specifically for the encryption keys might be best. That would give us edit history as well for key management best practices.
As part of the encryption of certain private values (#8), we will need a way to store the private keys. The private keys should be clearly labeled with the waczCID for which they are associated, and should be retrievable as such.
Use case
As an external researcher, I connect my UWAZI instance to Starling's Hyperbee gateway and get metadata for a particular file. When the metadata is displayed, I see that some of it has been encrypted. There is a place in the UI for me to put in an encryption key and decrypt the information. Out of band, I contact Starling about decrypting the information for a particular file and they send me the decryption key, which I can enter in my UI.
Methods
We likely need a key-value store where the key is the waczCID and the value is the private key. Hypercores can be encrypted so creating a separate, encrypted Hyperbee instance specifically for the encryption keys might be best. That would give us edit history as well for key management best practices.