They only docs I can find on that, assuming we're talking AEM, mentions it only works for posting things into /etc/cloudservices. So that's out. It's been a while, but I'm under the impression that all implementations of the java platform now come with a certain level of crypto
https://docs.oracle.com/javase/8/docs/api/javax/crypto/Cipher.html I'd probably add a configuration so you could define the level of cryptography, and then that would allow people who needed a higher level to install their own providers. Is this something that Sling would be interested in? Since I'm going to be writing this, if you're interested, I'd rather write it with the intent of directly donating it. -----Original Message----- From: Justin Edelson [mailto:jus...@justinedelson.com] Sent: Friday, November 03, 2017 1:35 PM To: dev@sling.apache.org Subject: Re: value level encryption EXTERNAL We have this in our commercial product. At a high level, the way it works is that there is a PostProcessor which looks for an @Encrypted postfixed property and, if that is present, the corresponding property is stored in an encrypted fashion. Decryption is all done manually, although personally the idea of an EncryptionValueMap seems really cool to me. I believe the challenge in bringing this into Sling relates to the encryption libraries. On Fri, Nov 3, 2017 at 8:45 AM Jason Bailey <jason.bai...@sas.com> wrote: > Here's the use case > > My organization has decided that to conform to the GDPR, any sensitive > data should be encrypted while at rest. From a Sling perspective that > is a challenge since we've empowered the authors to create forms the > way they want. So to be on the safe side, we're looking at encrypting > all form fields as they are persisted, and then decrypting the values > from the resource when we need to processes them. > > Now I'm thinking of an EncryptionValueMap that will simplify this > process and encapsulate the functionality. You guys are usually ahead > of me when I come up with this stuff and I don't like replicating > effort. So is there any functionality currently or planned to handle > encryption of resource values? > > Thanks > Jason >
