Data Encryption Extension

The Eclipse Dataspace Connector encrypts sensitive information inside a token that it sends to other applications, possibly operated by other companies. This extension implements the encryption of that data and must always be used with secure keys and algorithms.

Algorithm Configuration

| Key | Description | Mandatory | Default |
|-----|-------------|-----------|---------|
| edc.data.encryption.algorithm | Algorithm for encryption and decryption. Must be either `AES` or `NONE`. | | AES |

Strategies

1. AES

The Advanced Encryption Standard (AES) is the default encryption algorithm. It is used in Galois/Counter Mode (GCM), which provides Authenticated Encryption with Associated Data (AEAD): a token that has been tampered with, or that was encrypted under a different key, fails the authentication tag check instead of decrypting to garbage.

When using AES-GCM the key length must be either 128, 192 or 256 bits (AES has no 196-bit key size; the 24-byte key generated below is 192 bits). Keys must be stored Base64-encoded in the Vault, separated by a comma.

Keys can be generated with OpenSSL; the argument is the key length in bytes:

```shell
# 128 bit (16 bytes)
openssl rand -base64 16

# 192 bit (24 bytes)
openssl rand -base64 24

# 256 bit (32 bytes)
openssl rand -base64 32
```
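The following is an added example, not code from this extension (which is written in Java): it shows in Go what the key format described above implies for an implementation, i.e. parsing the comma-separated, Base64-encoded key list, rejecting any entry that is not a 128-, 192- or 256-bit key, and sealing and opening a token with AES-GCM. Two details are assumptions for illustration and not statements about the extension: the first key in the list is the one used for encryption, and decryption tries every configured key so that tokens sealed under an older key still open after a new key has been prepended. The vault value and the plaintext are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"strings"
)

// ExampleVaultValue builds the kind of value the README says must be stored
// in the Vault under the key alias: Base64-encoded keys separated by a comma.
// The key bytes are fixed, constructed strings so the example is
// deterministic; real keys come from "openssl rand -base64 N".
func ExampleVaultValue() string {
	k256 := []byte("0123456789abcdef0123456789abcdef") // 32 bytes = 256 bit
	k128 := []byte("fedcba9876543210")                 // 16 bytes = 128 bit
	return base64.StdEncoding.EncodeToString(k256) + "," +
		base64.StdEncoding.EncodeToString(k128)
}

// ParseVaultKeys splits the comma-separated vault value, decodes each entry
// and rejects anything that is not a legal AES key length (16, 24 or 32 bytes).
// One bad entry fails the whole list: skipping it silently would leave the
// connector running with fewer keys than the operator configured.
func ParseVaultKeys(vaultValue string) ([][]byte, error) {
	var keys [][]byte
	for i, part := range strings.Split(vaultValue, ",") {
		key, err := base64.StdEncoding.DecodeString(strings.TrimSpace(part))
		if err != nil {
			return nil, fmt.Errorf("key %d: not valid Base64: %w", i, err)
		}
		switch len(key) {
		case 16, 24, 32:
			keys = append(keys, key)
		default:
			return nil, fmt.Errorf("key %d: %d bytes is not a 128-, 192- or 256-bit key", i, len(key))
		}
	}
	return keys, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext with AES-GCM under the first configured key
// (assumption: the first entry is the active key) and returns
// nonce || ciphertext || tag. aad is authenticated by the tag but not encrypted.
func Encrypt(keys [][]byte, plaintext, aad []byte) ([]byte, error) {
	if len(keys) == 0 {
		return nil, errors.New("no keys configured")
	}
	gcm, err := newGCM(keys[0])
	if err != nil {
		return nil, err
	}
	// A fresh random nonce per token: reusing a nonce under the same key
	// breaks GCM's confidentiality and authenticity guarantees.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends to the nonce slice, so the nonce travels with the ciphertext.
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Decrypt tries every configured key in order (assumption about rotation, see
// lead-in). GCM's tag check makes a wrong key indistinguishable from tampering,
// so both cases end in the same error rather than in decrypted garbage.
func Decrypt(keys [][]byte, token, aad []byte) ([]byte, error) {
	for _, key := range keys {
		gcm, err := newGCM(key)
		if err != nil {
			return nil, err
		}
		ns := gcm.NonceSize()
		if len(token) < ns+gcm.Overhead() {
			return nil, errors.New("token too short to hold nonce and tag")
		}
		if pt, err := gcm.Open(nil, token[:ns], token[ns:], aad); err == nil {
			return pt, nil
		}
	}
	return nil, errors.New("no configured key authenticates this token")
}

func main() {
	keys, err := ParseVaultKeys(ExampleVaultValue())
	if err != nil {
		panic(err)
	}
	aad := []byte("consumer-connector-id") // constructed associated data
	token, err := Encrypt(keys, []byte(`{"dataAddress":"constructed-secret"}`), aad)
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt(keys, token, aad)
	fmt.Printf("token=%s\nplaintext=%s err=%v\n", base64.StdEncoding.EncodeToString(token), pt, err)
}
```

Note the failure modes the block handles: an entry of the wrong length (for instance a 20-byte value from `openssl rand -base64 20`) is refused at parse time rather than at the first encryption, and a token whose tag does not verify, whether because it was modified, because the associated data differs, or because none of the configured keys sealed it, is rejected as a whole.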

AES Configuration

| Key | Description | Mandatory | Default |
|-----|-------------|-----------|---------|
| edc.data.encryption.keys.alias | Alias under which the symmetric keys are stored in the Vault. | X | |
| edc.data.encryption.caching.enabled | Enable caching so that keys are requested from the Vault only after the cache expires. Note that a key rotated in the Vault is not seen until the cache expires. | | false |
| edc.data.encryption.caching.seconds | Duration in seconds until the cache expires. | | 3600 |

2. NONE

This strategy applies no encryption at all and should only be used for debugging. Using NONE may leak sensitive data to other connectors!