ipfs-encryption

Publishing sensitive data

Open richardschneider opened this issue 8 years ago • 3 comments

Problem

As a publisher of data
I want only authorised people to read that data
So that sensitive information is always protected

richardschneider, Nov 23 '17 11:11

Solution

  • [x] Encrypt the data with a key so that it protects the data
  • [ ] Only give the key to authorised people

richardschneider, Nov 23 '17 11:11

Design

  • [x] A key store is needed to manage the life cycle of a key #2
  • [x] When writing protected data, encrypt the data with a key #7
  • [x] When reading protected data, decrypt the data when the key is available; otherwise fail
  • [ ] Allow a person to request a key
  • [ ] Allow a publisher to send a key

richardschneider, Nov 23 '17 11:11

NFRs

  • The key is sensitive data; it too must be protected
  • Think of the key store as an HSM, even if implemented in software
  • A raw private key (naked key) can never escape from the key store
  • Requesting and sending a key is a multi-step process; any party can be off-line
  • Follow acceptable security standards

richardschneider, Nov 23 '17 11:11
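
The checked Design items and the key store NFRs above, sketched as an added example; this is not code from the ipfs-encryption project or from the issue author. The `KeyStore` class, its `protect`/`unprotect` methods and the envelope layout are hypothetical, and AES-256-GCM from Node's built-in `crypto` module is an assumed cipher choice, since the issue does not name one.

```javascript
// Added example (hypothetical names): a software key store treated like an HSM.
const crypto = require('node:crypto');

class KeyStore {
  #keys = new Map(); // key name -> KeyObject; private field, no export method

  createKey(name) {
    if (this.#keys.has(name)) throw new Error(`key exists: ${name}`);
    this.#keys.set(name, crypto.createSecretKey(crypto.randomBytes(32)));
  }

  removeKey(name) { this.#keys.delete(name); }

  // Write path: encryption happens inside the store; callers see an envelope only.
  protect(name, plaintext) {
    const key = this.#lookup(name);
    const iv = crypto.randomBytes(12); // fresh 96-bit nonce per message
    const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
    cipher.setAAD(Buffer.from(name)); // bind the envelope to its key name
    const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
    return { keyName: name, iv, ct, tag: cipher.getAuthTag() };
  }

  // Read path: decrypt when the key is available; otherwise fail.
  unprotect(envelope) {
    const key = this.#lookup(envelope.keyName);
    const d = crypto.createDecipheriv('aes-256-gcm', key, envelope.iv);
    d.setAAD(Buffer.from(envelope.keyName));
    d.setAuthTag(envelope.tag);
    // final() throws if the ciphertext, tag or key name was altered.
    return Buffer.concat([d.update(envelope.ct), d.final()]);
  }

  #lookup(name) {
    const key = this.#keys.get(name);
    if (!key) throw new Error(`key not available: ${name}`);
    return key;
  }
}

// Constructed sample: the publisher holds the key, an unauthorised reader does not.
function demo() {
  const publisher = new KeyStore();
  publisher.createKey('report-key');
  const envelope = publisher.protect('report-key', Buffer.from('constructed sample'));
  const roundTrip = publisher.unprotect(envelope).toString();
  let readerError = null;
  try { new KeyStore().unprotect(envelope); } catch (e) { readerError = e.message; }
  return { roundTrip, readerError };
}
```

The unchecked items (requesting and sending a key) are not covered here; the sketch only shows the encrypt-on-write and fail-closed read behaviour.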