Secret Key Encryption - Integratingfactor/lib-idp-crypto GitHub Wiki

When is Secret Key Encryption used?

Secret key encryption would be used when data at rest needs to be protected without user input (every time). Examples could be application side encryption for storing sensitive data (e.g. access tokens, billing agreements, etc.) that application needs to be able to read for business logic processing.

Another example would be to distribute as shared encryption key among users for social sharing of sensitive data. (Of-course, in such cases encryption key would need to be encrypted/decrypted using user's public/private keys for distribution).

How is Secret Key Encryption used?

Secret Key Initialization

When a project is registered with IDP service, we'll create a new Secret Key definition for project consisting of following information:

• Cipher algorithm/mode/scheme
• Key generator algorithm
• key size
• byte[] of encoded key
• version of the definition

Secret Key usage

• Library will provide class declarations to define secret key definition/specs
• Library will provide factory classes to generate and initialize with keys and ciphers using the secret key definition class objects
• Library will provide factory methods to encrypt plaintext into ciphertext with embedded IV and Key version information in ciphertext
• Library will provide factory method to decrypt ciphertext into plaintext and key version
• Applications will use library factory classes to initialize with key definitions fetched from IDP.

Sample Secrect Key Encryption flow

TBD