[jira] [Created] (JAMES-3524) Re-enable AES encryption for the BlobStore

Thu, 25 Mar 2021 02:29:05 -0700 

Benoit Tellier created JAMES-3524:
-------------------------------------

             Summary: Re-enable AES encryption for the BlobStore
                 Key: JAMES-3524
                 URL: https://issues.apache.org/jira/browse/JAMES-3524
             Project: James Server
          Issue Type: Task
          Components: Blob
    Affects Versions: 3.6.0
            Reporter: Benoit Tellier


Users might not wish to administrate themselves a S3 compatible blobStore and 
might rely on a third arty to do so. As such, in order to avoid a third party 
compromission to escalate to a data leak, a good practice is to encrypt the 
data symmetrically, the secret key generation secrets being stored on the 
appkication server.

Such a mechanism prevents data leak for a third party compromission, but do not 
deend against an application server compromission (as the attacker would then 
know the private key).

As part of his work on a Swift compatible blob store [1] , Jean Helou 
contributed an AES encryption mechanism for that very blob store [2]. However, 
changes in the blobStore design, dropping of the (non-reactive) JCloud driver, 
rewrite on top of S3 API, as well as modularization of the blobStore 
(extraction of the BlobStoreDAO, PassThough VS Deduplicating blobStore) [3] 
lead to this work being dropped, for the sake of simplicity in an effort to 
finish a long lasting refactoring.

Note that:
- Needs to encrypt blob payload had been requested on top of the Cassandra blob 
store [4] in order to prevents (full) data leaks from a Cassandra DB 
compromission.
 - Some optimizations (prior [3]) of the object storage when using S3 were 
incompatible with payload encryption [5]

By adoption design proposed in [3], reusing the job made by Jean in [2] we can 
write a generic AESBlobStoreDAO that wraps any other BlobStoreDAO, adding a 
security layer. Using the BlobStoreChooser, we then can re-enable this 
capability on top of the Distributed James server.

[1] https://issues.apache.org/jira/browse/JAMES-2525
[2] https://github.com/linagora/james-project/pull/1865 & 
https://github.com/linagora/james-project/pull/1975 & 
https://issues.apache.org/jira/browse/JAMES-2589
[3] https://issues.apache.org/jira/browse/JAMES-3028
[4] https://issues.apache.org/jira/browse/JAMES-3023
[5] https://issues.apache.org/jira/browse/JAMES-2692



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to