[V2] Should support end-to-end encryption #516
Description
Pryv includes only encryption in-transit and supports encryption at-rest.
End-to-end encryption must be evaluated and (at least one) solution implemented.
Why:
- A server breach is a non-null eventuality which could lead to exposure of all personal data managed by HDS. If the eventuality of the risk is low, its impact is very high.
- Using technologies to encrypt the databases or the data at rest does not guarantee that an attacker can decrypt the data if access to the server is gained (as the server can decrypt the data).
Context:
- Usual end-to-end encryption requires an exchange of keys between parties prior to data exchange. This means that data to be shared must be decrypted by the “owner” and encrypted for the “recipient”. In the context of HDS this would require the “owners” keys to be held in a central place and data edited decrypted on the “fly” by the server the re encrypted also by the server. This still potentially exposes the data and keys to an attacker gaining access to the servers.
Constraints:
- HDS offers to access historical data, which means that data prior to the key exchange needs to be translated for the recipient(s)
- Management of the “owner private key” has to be solved.
Proxy-re-encryption looks promising:
Ref: Wikipedia
I made some investigations. with two flavors https://github.com/perki/test-proxy-re-encrypt
This technology would allow to server to re encrypt existing encrypted data by the server without exposing at anypoint decryption capabilities on the server.