#6018 - Use libsodium + site salt for CPF encryption
-
By PDStig
- Added
- 9 views
| Identifier | #6018 |
|---|---|
| Issue type | Feature request or suggestion |
| Title | Use libsodium + site salt for CPF encryption |
| Status | Open |
| Tags |
Roadmap: Over the horizon (custom) |
| Handling member | Deleted |
| Addon | cns_cpfs |
| Description | When encrypting a field, change from using OpenSSL to libsodium. Now that we have data/keys, libsodium can automatically generate a public/private key pair.
This is a much more reliable way to support encrypted fields. Since the password prompt would not be needed anymore (no pass-phrases), we could re-purpose that to a new field option allowing to specify a password required. The workflow would be this: Saving - If a password is specified, the field value is secret-boxed with the password. - The field value, or secret-boxed field value, is encrypted with the key pair. - The encrypted value is stored. Loading - The encrypted value is retrieved. - It is decrypted with the key-pair. - If it still looks encrypted, a password is prompted. - The data is un-secret-boxed with the password. This is not exact as I don't fully recall sodium's functions but this is the basic principle. |
| Steps to reproduce | |
| Funded? | No |
The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".
Comments
There have been no comments yet