Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature 837 subframework for encrypting data at rest. #3105

Merged
merged 15 commits into from
May 7, 2024
Merged

Feature 837 subframework for encrypting data at rest. #3105

merged 15 commits into from
May 7, 2024

Conversation

Jeeppler
Copy link
Member

@Jeeppler Jeeppler commented Apr 27, 2024
edited by winzj
Loading

Implements a sub-framework for encrypting data at-rest.

It is designed to encrypt text data which needs to be stored into a persistent storage (data base, object storage, file etc.).

The algorithms used fulfill the following requirements:

  • protect both confidentiality and integrity
  • are nonce misuse-resistant

Allows to rotate:

  • initialization vectors (nonces)
  • secrets
  • ciphers

HINT: The actual database encryption as described in #837 and #838 is not implemented.

Jeeppler and others added 14 commits November 12, 2021 10:22
@Jeeppler
Upgrade to JUnit 5 and Bouncy Castle provider
30cb944 
- Fix typo in CryptoAccess
- Upgrade tests to Junit 5
- Add Bouncy Castle crypto provider as dependency #837 #838
@Jeeppler
Basic encryption classes #837
78a1bdf 
- AES-GCM-SIV encryption using
- None encryption
@Jeeppler
Merge branch 'develop' into feature-837-encrypt-sechub-configuration-…
d8fce8a 
…in-db
@Jeeppler
SpotlessApply, reorganization #1827
db62924
@Jeeppler
Restructuring, tests and introduction of rotation class #837
528f50f
@Jeeppler
Added Base64 string class #837
d7ae452 
- added Base64 string class
- improved documentation
- upgraded BouncyCastle
- changed interfaces using Base64 string class
@Jeeppler
Merge branch 'develop' into feature-837-encrypt-sechub-configuration-…
52ef734 
…in-db
@Jeeppler
Improved cryptographic subframework #837
2c05913 
- Introduce BinaryString interface
- Implemented three BinaryString types: Base64String, HexString and PlainString
- Added AES GCM SIV 192 as potential algorithm
- Improved tests
- Small improvements
@Jeeppler
Merge branch 'master' into feature-837-encrypt-sechub-configuration-i…
d1e1141 
…n-db
@Jeeppler
Implemented secret rotation and tests #837
9c52648
@Jeeppler
Finished cryptographic sub-framework to protect data at-rest #837
4e9bf18 
- implemented rotation tests
- improved tests
- fixed detected problems
- improved the documentation

closes #837
@Jeeppler
Spotless apply #837
856b693
@Jeeppler
Fix spotless formatting issues #837
c7d1179
@Jeeppler
Merge branch 'develop' into feature-837-encrypt-sechub-configuration-…
d581297 
…in-db
@lorriborri lorriborri requested a review from winzj May 7, 2024 06:06
lorriborri
lorriborri approved these changes May 7, 2024
View reviewed changes
Copy link
Member

@lorriborri lorriborri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me 🌟 Good work 👍
I've found some optional Issues

...e/src/test/java/com/mercedesbenz/sechub/commons/core/security/persistence/AesGcmSivTest.java Show resolved Hide resolved
...e/src/test/java/com/mercedesbenz/sechub/commons/core/security/persistence/AesGcmSivTest.java Outdated Show resolved Hide resolved
@winzj winzj mentioned this pull request May 7, 2024
Closed
winzj
winzj approved these changes May 7, 2024
View reviewed changes
Copy link
Member

@winzj winzj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good to me 👍

I just have some minor optional requests for changes, please have a look at the comments.

sechub-commons-core/build.gradle Show resolved Hide resolved
...-core/src/main/java/com/mercedesbenz/sechub/commons/core/security/persistence/AesGcmSiv.java Outdated Show resolved Hide resolved
...main/java/com/mercedesbenz/sechub/commons/core/security/persistence/BinaryStringFactory.java Outdated Show resolved Hide resolved
...rc/main/java/com/mercedesbenz/sechub/commons/core/security/persistence/RotationStrategy.java Outdated Show resolved Hide resolved
...-core/src/main/java/com/mercedesbenz/sechub/commons/core/security/persistence/AesGcmSiv.java Show resolved Hide resolved
...-core/src/main/java/com/mercedesbenz/sechub/commons/core/security/persistence/AesGcmSiv.java Show resolved Hide resolved
@Jeeppler Jeeppler merged commit 14862ef into develop May 7, 2024
1 check passed
@Jeeppler Jeeppler deleted the feature-837-encrypt-sechub-configuration-in-db branch May 7, 2024 15:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@winzj winzj winzj approved these changes

@lorriborri lorriborri lorriborri approved these changes

@de-jcup de-jcup Awaiting requested review from de-jcup

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Provide a subframework to encrypt data at rest
3 participants
@Jeeppler @lorriborri @winzj