Wanted to give a heads up in the direction I'm going with this. https://github.com/JEBailey/sling-encrypt
CipherProvider is a service interface to provide pre-initialized Cipher Objects for encoding and decoding content. EncryptionValueMap encompasses the functionality to encrypt and decrypt specific fields, currently focusing on String and String[] value types. Put and Get methods not implemented yet. EncryptionValueMapDecorator to wrap a map. For the EncryptionValueMap, I'm recording the properties that are encrypted in a separate property field, so that accessing those fields can be done seamlessly from any place that you are instantiate the EncryptionValueMap. Feedback appreciated. -----Original Message----- From: Justin Edelson [mailto:jus...@justinedelson.com] Sent: Friday, November 03, 2017 3:37 PM To: dev@sling.apache.org Subject: Re: value level encryption EXTERNAL In AEM, posting encrypted properties to /etc/cloudservices is historically the primary use case for @Encrypted, but the PostProcessor applies to all post requests. I think this would be a useful addition to Sling. We may want to have some kind of SPI to support different encryption schemes, but that's an implementation detail. Regards, Justin On Fri, Nov 3, 2017 at 2:48 PM Jason Bailey <jason.bai...@sas.com> wrote: > They only docs I can find on that, assuming we're talking AEM, > mentions it only works for posting things into /etc/cloudservices. So that's > out. > It's been a while, but I'm under the impression that all > implementations of the java platform now come with a certain level of > crypto > > https://docs.oracle.com/javase/8/docs/api/javax/crypto/Cipher.html > > I'd probably add a configuration so you could define the level of > cryptography, and then that would allow people who needed a higher > level to install their own providers. Is this something that Sling > would be interested in? Since I'm going to be writing this, if you're > interested, I'd rather write it with the intent of directly donating it. > > > > -----Original Message----- > From: Justin Edelson [mailto:jus...@justinedelson.com] > Sent: Friday, November 03, 2017 1:35 PM > To: dev@sling.apache.org > Subject: Re: value level encryption > > EXTERNAL > > We have this in our commercial product. At a high level, the way it > works is that there is a PostProcessor which looks for an @Encrypted > postfixed property and, if that is present, the corresponding property > is stored in an encrypted fashion. Decryption is all done manually, > although personally the idea of an EncryptionValueMap seems really cool to me. > > I believe the challenge in bringing this into Sling relates to the > encryption libraries. > > On Fri, Nov 3, 2017 at 8:45 AM Jason Bailey <jason.bai...@sas.com> wrote: > > > Here's the use case > > > > My organization has decided that to conform to the GDPR, any > > sensitive data should be encrypted while at rest. From a Sling > > perspective that is a challenge since we've empowered the authors to > > create forms the way they want. So to be on the safe side, we're > > looking at encrypting all form fields as they are persisted, and > > then decrypting the values from the resource when we need to processes > > them. > > > > Now I'm thinking of an EncryptionValueMap that will simplify this > > process and encapsulate the functionality. You guys are usually > > ahead of me when I come up with this stuff and I don't like > > replicating effort. So is there any functionality currently or > > planned to handle encryption of resource values? > > > > Thanks > > Jason > > >
