-
Notifications
You must be signed in to change notification settings - Fork 21
Encryption operations
For data encryption and decryption, two keys are used.
The first key, slave key is used to encrypt data with an AES-256 algorithm.
The second key, master key is used to encrypt slave key. Once encrypted, slave key is saved in database. At each user connection, master key is generated by user password and a salt.
Keys initialization is managed by the request POST /accounts/password/. It generates master key and recovers encrypted slave key from database. Proxy requests Data-System to initialize keys at each log in.
Keys deleting is managed by the request DELETE /accounts/. Proxy requests Data-System to delete keys at each log out. Thus, data manipulations are possible only if user is logged.
When user changes his password, master key is modified since it is generated by user password and a salt. New master key is generated and old master key is known because the user is logged.
Slave key is encrypted by the new master key.
This operation is managed by the request PUT /accounts/password.
When user forgets his password, slave key can't be decrypted since old master key isn't known. Thus, encrypted data can't be decrypted.
A new slave key is generated to encypt new data.
Data have a witness which is a known encrypted string like account password. If we can't decrypt correctly witness, data are corrupted. It is the case after a reset password since new slave key doesn't correspond to encryption of old data.
This operation is managed by the request DELETE /accounts/reset.