Skip to content

feat(sdk): EC-wrapped key support for ZTDF #224

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Mar 3, 2025
Merged

feat(sdk): EC-wrapped key support for ZTDF #224

merged 7 commits into from
Mar 3, 2025

Conversation

@sujankota
Copy link
Contributor

@sujankota sujankota commented Feb 23, 2025
edited
Loading

Proposed Changes

  • Adds a new ec-wrapped KAO type that uses a hybrid EC encryption scheme to wrap the values
  • To use with SDK, adds a new WithWrappingKeyAlg and WithSessionKeyType functional option

Checklist

  • I have added or updated unit tests

@sujankota sujankota requested review from a team as code owners February 23, 2025 13:16
@sujankota sujankota requested a review from mkleene February 23, 2025 18:47
mkleene
mkleene reviewed Feb 26, 2025
View reviewed changes
Copy link
Contributor

@mkleene mkleene left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. The only thing that I really think that we should change is

  • we generate an EC keypair for every request
  • if we are doing EC then we generate an RSA keypair that's unused

mkleene
mkleene reviewed Feb 26, 2025
View reviewed changes
mkleene
mkleene approved these changes Feb 26, 2025
View reviewed changes
Copy link
Contributor

@mkleene mkleene left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Just one comment on thread safety.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 3, 2025

Quality Gate Failed Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

@sujankota sujankota merged commit d062691 into main Mar 3, 2025
7 of 8 checks passed
@sujankota sujankota deleted the feature/ecc-wrappper-java-sdk branch March 3, 2025 14:38
@opentdf-automation opentdf-automation bot mentioned this pull request Feb 28, 2025
Merged
mkleene pushed a commit that referenced this pull request Apr 7, 2025
@opentdf-automation
chore(main): release 0.7.7 (#226)
d278a3d 
🤖 I have created a release *beep* *boop*
---


<details><summary>0.7.7</summary>

## [0.7.7](v0.7.6...v0.7.7)
(2025-04-07)


### Features

* **sdk:** EC-wrapped key support for ZTDF
([#224](#224))
([d062691](d062691))


### Bug Fixes

* **cmdline:** Disable failing encryptnano ecdsa
([#227](#227))
([80ca207](80ca207))
* **cmdline:** Enable ec-wrapped cfg
([#231](#231))
([ee39ed5](ee39ed5))
* if a version &lt; 4.3.0 is specified create an old-style TDF
([#234](#234))
([082a9e7](082a9e7))
* **sdk:** Fixes nano ECDSA policy binding config
([#225](#225))
([f3e9fed](f3e9fed))
* **sdk:** Remove temporary ec salt value
([#228](#228))
([0fe37c6](0fe37c6))
* **sdk:** Set ec-wrapped to new salt value
([#230](#230))
([d3be28e](d3be28e))
* **sdk:** Update version information
([#232](#232))
([f9eeb0d](f9eeb0d))
</details>

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mkleene mkleene mkleene approved these changes

@pflynn-virtru pflynn-virtru pflynn-virtru approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sujankota @mkleene @pflynn-virtru