In AEM, posting encrypted properties to /etc/cloudservices is historically the primary use case for @Encrypted, but the PostProcessor applies to all post requests.
I think this would be a useful addition to Sling. We may want to have some kind of SPI to support different encryption schemes, but that's an implementation detail. Regards, Justin On Fri, Nov 3, 2017 at 2:48 PM Jason Bailey <jason.bai...@sas.com> wrote: > They only docs I can find on that, assuming we're talking AEM, mentions it > only works for posting things into /etc/cloudservices. So that's out. > It's been a while, but I'm under the impression that all implementations > of the java platform now come with a certain level of crypto > > https://docs.oracle.com/javase/8/docs/api/javax/crypto/Cipher.html > > I'd probably add a configuration so you could define the level of > cryptography, and then that would allow people who needed a higher level to > install their own providers. Is this something that Sling would be > interested in? Since I'm going to be writing this, if you're interested, > I'd rather write it with the intent of directly donating it. > > > > -----Original Message----- > From: Justin Edelson [mailto:jus...@justinedelson.com] > Sent: Friday, November 03, 2017 1:35 PM > To: dev@sling.apache.org > Subject: Re: value level encryption > > EXTERNAL > > We have this in our commercial product. At a high level, the way it works > is that there is a PostProcessor which looks for an @Encrypted postfixed > property and, if that is present, the corresponding property is stored in > an encrypted fashion. Decryption is all done manually, although personally > the idea of an EncryptionValueMap seems really cool to me. > > I believe the challenge in bringing this into Sling relates to the > encryption libraries. > > On Fri, Nov 3, 2017 at 8:45 AM Jason Bailey <jason.bai...@sas.com> wrote: > > > Here's the use case > > > > My organization has decided that to conform to the GDPR, any sensitive > > data should be encrypted while at rest. From a Sling perspective that > > is a challenge since we've empowered the authors to create forms the > > way they want. So to be on the safe side, we're looking at encrypting > > all form fields as they are persisted, and then decrypting the values > > from the resource when we need to processes them. > > > > Now I'm thinking of an EncryptionValueMap that will simplify this > > process and encapsulate the functionality. You guys are usually ahead > > of me when I come up with this stuff and I don't like replicating > > effort. So is there any functionality currently or planned to handle > > encryption of resource values? > > > > Thanks > > Jason > > >
