New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added encryption sub-spec that describes how to encrypt a record, clo… #208
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very thorough and nicely organized. Would be good to get another check from @ggalmazor.
_sections/100-encryption.md
Outdated
<encryptedXmlFile>submission.xml.enc</encryptedXmlFile> | ||
<media> | ||
<file>myimage.jpg.enc</file> | ||
<file>myaudio.mp3</file> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This would have a .enc extension, right?
Do we want to show this compact syntax even though Aggregate seems to botch it? I think it's ok because there should be an impending fix (getodk/aggregate#319) but wanted to bring it up.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd +1 to have the syntax Collect produces, which is the same one Aggregate generates:
<media>
<file>blah.jpg.enc</file>
</media>
<media>
<file>bleh.jpg.enc</file>
</media>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can do. I forgot to highlight this to you. My thought was, once both syntaxes are supported in Aggregate, to document only the nice one (and phase out the old one from Collect and Enketo in a few years). However, no big deal. We could update it later.
_sections/100-encryption.md
Outdated
|
||
The AES encryption is a random 256 bit key generated by the client for each record. The submission manifest contains a base64-encoded string of this key. | ||
|
||
After encrypting all files belonging to the record and generating the submission manifest, it is thrown away. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The "it" that is thrown away is the key, right? I might say "the raw key" or something because my first couple of readings suggested the manifest was thrown away which doesn't make sense.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indeed! Thanks. Will change!
_sections/100-encryption.md
Outdated
|
||
### Content Encryption | ||
|
||
The XML file and uploaded files are encrypted with the equivalent of the **AES/CFB/PKCS5Padding** algorithm as used in Java 9 with a [specified initialization vector algorithm](#initialization-vector). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why Java 9 here? We are using Java 8
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, I had no idea. Thanks. Will change to 8!
_sections/100-encryption.md
Outdated
|
||
### Key Encryption. | ||
|
||
The AES encryption key is encrypted using the equivalent of the **RSA/NONE/OAEPWithSHA256AndMGF1Padding** in Java 9 using the RSA public key that is part of the [XForm definition](/#encryption). The result is base64-encoded. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
More Java 9 here
…ses #186
Still need to tweak the navigation menus with a
back to main spec
andencryption spec
links, but maybe that can be done in another PR.