public interface EncryptionServer
The EncryptionServer takes CipherVersion instances generated
by an EncryptionService for a provided namespace. A
CipherVersion provided to the EncryptionServer (by an
EncryptionService) is persisted so that the DecryptionServer
can access it. When persisting, the CipherVersion's cipher UID is
checked against the CipherVersion instances already persisted; if a
CipherVersion with the same cipher UID already exists, the new one is
rejected (such collisions can be avoided with good cipher UIDs).

Regarding the implementation of the EncryptionServer, secure
persistence can be achieved with the public key of an asymmetric encryption
approach, so that only the DecryptionService can get the plain text
ciphers from the CipherVersion instances. To avoid transmitting plain
text CipherVersion instances from the EncryptionService to
the EncryptionServer, the EncryptionService should already
encrypt the CipherVersion with the corresponding public key, so that the
EncryptionServer always receives encrypted CipherVersion
instances.

The forward secrecy cryptography infrastructure supports
EncryptionServer instances which only need to take care of persisting
the CipherVersion instances and retrieving them. Encryption and
decryption can be done in the corresponding service layers. For example, the
EncryptionService uses a public key to encrypt the cipher of a
CipherVersion instance and passes it to the EncryptionServer,
which just stores the CipherVersion without any additional encryption. A
DecryptionService in turn requests the CipherVersion
instances with the encrypted ciphers from the DecryptionServer and
decrypts the ciphers with the corresponding private key. Another, more complex
approach is described in the documentation of the DecryptionServer.

By replacing the implementation of the EncryptionServer, the way
CipherVersion instances are persisted can be changed easily.
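The split of responsibilities described above, as an added example that is not code from the library: the service layer encrypts the cipher with the public key, and the server only stores the result and rejects a cipher UID that is already in use. StoredCipherVersion, CipherUidInUseException, InMemoryEncryptionServer and seal are hypothetical stand-ins for the library's types; RSA-OAEP and checking UID uniqueness per namespace are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Cipher;

public class EncryptionServerExample {
    // Hypothetical stand-in for CipherVersion: the cipher UID plus the already encrypted cipher.
    record StoredCipherVersion(String cipherUid, byte[] encryptedCipher) {}

    // Hypothetical stand-in for CipherUidAlreadyInUseException.
    static class CipherUidInUseException extends Exception {
        CipherUidInUseException(String uid) { super("Cipher UID already in use: " + uid); }
    }

    // Server side: persists and rejects collisions; holds no key and never sees plain text.
    static class InMemoryEncryptionServer {
        private final Map<String, Map<String, StoredCipherVersion>> store = new ConcurrentHashMap<>();

        void addCipherVersion(String namespace, StoredCipherVersion cv) throws CipherUidInUseException {
            // Assumption: cipher UIDs must be unique within a namespace.
            Map<String, StoredCipherVersion> byUid =
                store.computeIfAbsent(namespace, k -> new ConcurrentHashMap<>());
            // putIfAbsent checks and inserts atomically, so two concurrent adds cannot both succeed.
            if (byUid.putIfAbsent(cv.cipherUid(), cv) != null) {
                throw new CipherUidInUseException(cv.cipherUid());
            }
        }
    }

    // Service side: encrypt the cipher with the public key before it leaves the service.
    static StoredCipherVersion seal(String uid, String plainCipher, PublicKey key)
            throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, key);
        return new StoredCipherVersion(uid, rsa.doFinal(plainCipher.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair keys = gen.generateKeyPair(); // the private key stays with the DecryptionService
        InMemoryEncryptionServer server = new InMemoryEncryptionServer();
        // Constructed sample values: namespace, cipher UIDs and ciphers.
        server.addCipherVersion("demo-namespace", seal("uid-0001", "constructed cipher A", keys.getPublic()));
        try {
            server.addCipherVersion("demo-namespace", seal("uid-0001", "constructed cipher B", keys.getPublic()));
        } catch (CipherUidInUseException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```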
| Modifier and Type | Method and Description |
|---|---|
| void | addCipherVersion(String aNamespace, CipherVersion aCipherVersion) Adds a CipherVersion to the EncryptionServer. |
void addCipherVersion(String aNamespace, CipherVersion aCipherVersion) throws CipherUidAlreadyInUseException
Adds a CipherVersion to the EncryptionServer.
Parameters:
aNamespace - The namespace for which to add the cipher.
aCipherVersion - The CipherVersion to be added.
Throws:
CipherUidAlreadyInUseException - in case the given cipher UID has already been used.

Copyright © 2018. All rights reserved.