Added encryption sub-spec that describes how to encrypt a record, clo… #208
Conversation
There was a problem hiding this comment.
Very thorough and nicely organized. Would be good to get another check from @ggalmazor.
_sections/100-encryption.md
Outdated
| <encryptedXmlFile>submission.xml.enc</encryptedXmlFile> | ||
| <media> | ||
| <file>myimage.jpg.enc</file> | ||
| <file>myaudio.mp3</file> |
There was a problem hiding this comment.
This would have a .enc extension, right?
Do we want to show this compact syntax even though Aggregate seems to botch it? I think it's ok because there should be an impending fix (getodk/aggregate#319) but wanted to bring it up.
There was a problem hiding this comment.
I'd +1 to have the syntax Collect produces, which is the same one Aggregate generates:
<media>
<file>blah.jpg.enc</file>
</media>
<media>
<file>bleh.jpg.enc</file>
</media>There was a problem hiding this comment.
Can do. I forgot to highlight this to you. My thought was, once both syntaxes are supported in Aggregate, to document only the nice one (and phase out the old one from Collect and Enketo in a few years). However, no big deal. We could update it later.
_sections/100-encryption.md
Outdated
|
|
||
| The AES encryption is a random 256 bit key generated by the client for each record. The submission manifest contains a base64-encoded string of this key. | ||
|
|
||
| After encrypting all files belonging to the record and generating the submission manifest, it is thrown away. |
There was a problem hiding this comment.
The "it" that is thrown away is the key, right? I might say "the raw key" or something because my first couple of readings suggested the manifest was thrown away which doesn't make sense.
There was a problem hiding this comment.
Indeed! Thanks. Will change!
_sections/100-encryption.md
Outdated
|
|
||
| ### Content Encryption | ||
|
|
||
| The XML file and uploaded files are encrypted with the equivalent of the **AES/CFB/PKCS5Padding** algorithm as used in Java 9 with a [specified initialization vector algorithm](#initialization-vector). |
There was a problem hiding this comment.
Oh, I had no idea. Thanks. Will change to 8!
_sections/100-encryption.md
Outdated
|
|
||
| ### Key Encryption. | ||
|
|
||
| The AES encryption key is encrypted using the equivalent of the **RSA/NONE/OAEPWithSHA256AndMGF1Padding** in Java 9 using the RSA public key that is part of the [XForm definition](/#encryption). The result is base64-encoded. |
…ses #186
Still need to tweak the navigation menus with a
back to main specandencryption speclinks, but maybe that can be done in another PR.