Details

    • Type: New Feature
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
    • Rank (Obsolete):
      9223372036854775807

      Description

      This ticket is a place-holder to describe work to be done for client-side encryption.

      The high-level requirements are the following:

      • encrypt file content
      • encrypt file name
      • have a master key for encryption
        • per-file encryption key derived from master key
        • file data is no longer accessible after file is deleted
      • able to change the user key without re-encrypting files
      • deny access to encrypted data when master key is removed from memory on the client
      • work in "batch scheduler" mode

      We are proposing to address these requirements by:

      So the workflow would be the following:

      • applications see clear text
      • data is encrypted before being sent to servers
        • then remain untouched
      • data is decrypted upon receipt from servers
        • untouched before that
      • servers only see encrypted data
        • but do not need to be aware of it
      • only client nodes have access to encryption keys

      Further details will be added as the feature design makes progress.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sebastien Sebastien Buisson
                Reporter:
                sebastien Sebastien Buisson
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated: