Encrypt db_files

[bvw]

Board Ticket #

Git Release Type ( MAJOR | MINOR )

(MINOR)

Description

Test Results

[bvw]

This is just a sketch of how encryption could be enabled by default.
Add column "encrypted" as type boolean to the table db_file
Add more if statements to make it backward compatible
Drop storing binary data in the db_file data if no longer used.
Add tests.
Change other apis to deal with encryption as default.

Consider another approach using the AWS s3 api to provide encryption

[priyankjalu89]

qc::s3 commands use HTTP PUT request to upload files to s3 bucket. We can still encrypt server side using customer provided encryption key using the HTTP PUT approach by specifying extra headers e.g. here.

[bvw]

PUT /example-object HTTP/1.1
Host: example-bucket.s3..amazonaws.com
Accept: /
Authorization:authorization string
Date: Wed, 28 May 2014 19:31:11 +0000
x-amz-server-side-encryption-customer-key:g0lCfA3Dv40jZz5SQJ1ZukLRFqtI5WorC/8SEEXAMPLE
x-amz-server-side-encryption-customer-key-MD5:ZjQrne1X/iTcskbY2example
x-amz-server-side-encryption-customer-algorithm:AES256

[bvw]

Would we store these 3 attributes in our data model?
Key
Md5 of key
Encryption algorithm

[bvw]

Is this portable in that we can locally decrypt the file by knowing the key and the algorithm?
Could you please try to get this working as a proof of concept.
Perhaps this will be via the Qcode-Tlc apis

[priyankjalu89]

Is this portable in that we can locally decrypt the file by knowing the key and the algorithm? Could you please try to get this working as a proof of concept. Perhaps this will be via the Qcode-Tlc apis

AWS takes care of the decryption while getting the object. We have to pass the same arguments i.e. key, md5 key and algorithm

Reference
General ref