Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2020/03/20 08:01:00 UTC

[GitHub] [couchdb] eiri opened a new pull request #2685: [WIP] Implement per database encryption for primary data

eiri opened a new pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685
 
 
   # Overview
   
   This PR adds an option for enabling encryption for primary data. The encryption is done with the aes-256-gcm algorithm per document, with document keys (Data Encryption Keys) derived from an individual database's key (Key Encryption Key). The KEK is supplied at the time of the database's creation and stored along with the rest of its configuration in encrypted "wrapped" form.
   
   The encoding and decoding of documents is handled in a dedicated module that also acts as a cache of "unwrapped" KEKs. The general management of KEKs is implemented through the epi plugin interface to allow for implementations of interfaces to alternative Key Management Services, e.g. Hashicorp's Vault or SecretHub.
   
   The default epi plugin generates the KEK at database creation time and encrypts it with a Master Encryption Key specified in the CouchDB configuration.
   
   ## Testing recommendations
   
   The make target `make check-fdb` should pass.
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
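The envelope scheme the PR description sketches, as an added example in Go that is not part of the pull request or of CouchDB: the master key wraps each database's KEK with an AEAD and a fresh random nonce (a standard wrap, in place of the patch's fixed-IV `aes_ctr`), and the per-document key and GCM nonce are derived from the KEK with HKDF over the database name, document id and update counter, so the counter's uniqueness is what keeps AES-GCM nonces from repeating. The function names, the length-prefixed HKDF info layout and the use of the database name and document id as associated data are this example's own assumptions, not the PR's.

```go
// Added example, not CouchDB's code: the envelope scheme the PR describes (a master
// key wraps each database's KEK, a per-document DEK is derived from the KEK, the
// body is sealed with AES-256-GCM) with an AEAD wrap and random nonce in place of
// the patch's fixed-IV AES-CTR. Names, info layout and AAD choices are assumptions.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Label from the PR's fabric2_encryption.erl, used here as the HKDF info prefix.
const label = "couchdb-aes256-gcm-encryption-key"

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// hkdfExpand is RFC 5869 HKDF-Expand with SHA-256; the KEK is uniformly random,
// so it serves directly as the PRK and the extract step is skipped.
func hkdfExpand(prk, info []byte, n int) []byte {
	var okm, prev []byte
	for i := byte(1); len(okm) < n; i++ {
		h := hmac.New(sha256.New, prk)
		h.Write(prev)
		h.Write(info)
		h.Write([]byte{i})
		prev = h.Sum(nil)
		okm = append(okm, prev...)
	}
	return okm[:n]
}

// WrapKEK seals a database's KEK under the MEK AEAD with a fresh random nonce and
// the database name as associated data. Layout: nonce || ciphertext || tag.
func WrapKEK(mek cipher.AEAD, kek, dbName []byte) ([]byte, error) {
	nonce := make([]byte, mek.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return mek.Seal(nonce, nonce, kek, dbName), nil
}

// UnwrapKEK reverses WrapKEK; a tampered blob or another database's name fails
// the tag check instead of silently yielding a garbage key.
func UnwrapKEK(mek cipher.AEAD, wrapped, dbName []byte) ([]byte, error) {
	ns := mek.NonceSize()
	if len(wrapped) < ns+mek.Overhead() {
		return nil, errors.New("wrapped KEK too short")
	}
	return mek.Open(nil, wrapped[:ns], wrapped[ns:], dbName)
}

// docAEAD derives the per-document DEK and GCM nonce from the KEK. The triple
// (dbName, docId, updateCounter) must never repeat under one KEK; that is the
// uniqueness requirement the PR's update counter exists to satisfy.
func docAEAD(kek, dbName, docId []byte, updateCounter uint64) (cipher.AEAD, []byte, error) {
	// Length-prefixed fields keep ("ab","c") and ("a","bc") distinct.
	info := fmt.Sprintf("%s%08x%s%08x%s%016x", label, len(dbName), dbName, len(docId), docId, updateCounter)
	okm := hkdfExpand(kek, []byte(info), 32+12)
	gcm, err := newGCM(okm[:32])
	return gcm, okm[32:], err
}

// EncryptDoc seals one body; the document id is bound in as associated data.
func EncryptDoc(kek, dbName, docId []byte, updateCounter uint64, body []byte) ([]byte, error) {
	if updateCounter == 0 {
		return nil, errors.New("update counter must be > 0")
	}
	gcm, nonce, err := docAEAD(kek, dbName, docId, updateCounter)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, nonce, body, docId), nil
}

// DecryptDoc needs the counter the body was sealed with, so the counter has to be
// persisted next to the ciphertext; a stale one fails the GCM tag check.
func DecryptDoc(kek, dbName, docId []byte, updateCounter uint64, ct []byte) ([]byte, error) {
	gcm, nonce, err := docAEAD(kek, dbName, docId, updateCounter)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, docId)
}

func main() {
	mek, kek := make([]byte, 32), make([]byte, 32) // constructed sample keys
	rand.Read(mek)
	rand.Read(kek)
	mekAEAD, _ := newGCM(mek)
	wrapped, _ := WrapKEK(mekAEAD, kek, []byte("db1"))
	unwrapped, _ := UnwrapKEK(mekAEAD, wrapped, []byte("db1"))
	ct, _ := EncryptDoc(unwrapped, []byte("db1"), []byte("doc1"), 1, []byte(`{"a":1}`))
	pt, err := DecryptDoc(unwrapped, []byte("db1"), []byte("doc1"), 1, ct)
	fmt.Printf("round trip: %s (err=%v)\n", pt, err)
}
```

Two properties of this layout matter for the review thread: wrapping the same KEK twice yields two different blobs, because the nonce is random, and a wrapped KEK that is moved to another database's configuration, truncated or modified fails `UnwrapKEK` instead of decrypting into a wrong key. On the document side, decrypting with any counter other than the one used at write time fails the tag check, which is why the counter must be stored with the ciphertext.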

[GitHub] [couchdb] eiri commented on issue #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
eiri commented on issue #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#issuecomment-615029514
 
 
   Closing in favour of https://github.com/apache/couchdb/compare/prototype/fdb-layer...aegis


[GitHub] [couchdb] eiri commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
eiri commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396497447
 
 

 ##########
 File path: src/fabric/src/fabric2_encryption_provider.erl
 ##########
 @@ -0,0 +1,69 @@
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+%   http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+-module(fabric2_encryption_provider).
+
+-export([
+    get_kek/1,
+    unwrap_kek/1
+]).
+
+
+get_kek(_DbName) ->
+    case get_mek_iv() of
+        {ok, MEK, IV} ->
+            KEK = crypto:strong_rand_bytes(32),
+            Enc = crypto:stream_init(aes_ctr, MEK, IV),
+            {_, WrappedKEK} = crypto:stream_encrypt(Enc, KEK),
+            {ok, KEK, WrappedKEK};
+        {error, Error} ->
+            {error, Error}
+    end.
+
+
+unwrap_kek(WrappedKEK) ->
+    case get_mek_iv() of
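Review bot: `get_kek/1` wraps every database's KEK under the same MEK and the same IV from `get_mek_iv/0` with `aes_ctr`, so the keystream is identical for every wrap: any two stored wrapped KEKs reveal the XOR of the two raw KEKs, and because CTR carries no authentication, `unwrap_kek/1` will return a silently corrupted key for a modified blob instead of failing. Use a standard wrap instead (AES-KW per RFC 3394, or an AEAD such as AES-GCM with a fresh random nonce stored in front of the ciphertext) and drop the configured IV entirely.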
 
 Review comment:
   This is the Master key though, not the databases' Key Encryption Key; it's not touching data, it is only used to encrypt generated per-db KEKs. I can change the `aes_ctr` encryption of the KEK I'm using here for aegis wrapping, but it'll still be the same key for the wrap/unwrap operation.


[GitHub] [couchdb] eiri commented on issue #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
eiri commented on issue #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#issuecomment-601578296
 
 
   @davisp @rnewson This PR is still work in progress, but can you please take a look and see if the general shape of things seems fine to you?


[GitHub] [couchdb] eiri commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
eiri commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396522376
 
 

 ##########
 File path: src/fabric/src/fabric2_encryption.erl
 ##########
 @@ -0,0 +1,254 @@
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+%   http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+-module(fabric2_encryption).
+-behaviour(gen_server).
+-vsn(1).
+
+
+-export([
+    start_link/0,
+    get_wrapped_kek/1,
+    encode/5,
+    decode/5
+]).
+
+
+-export([
+    init/1,
+    terminate/2,
+    handle_call/3,
+    handle_cast/2,
+    handle_info/2,
+    code_change/3
+]).
+
+
+-export([
+    do_encode/6,
+    do_decode/6
+]).
+
+
+-define(INIT_TIMEOUT, 60000).
+-define(LABEL, "couchdb-aes256-gcm-encryption-key").
+
+
+start_link() ->
+    gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
+
+
+get_wrapped_kek(DbName) when is_binary(DbName) ->
+    case config:get_boolean("encryption", "enabled", false) of
+        true -> gen_server:call(?MODULE, {get_wrapped_kek, DbName});
+        false -> {ok, false}
+    end.
+
+
+encode(WrappedKEK, DbName, DocId, UpdateCounter, DocBody)
+    when is_binary(WrappedKEK),
+         is_binary(DbName),
+         is_binary(DocId),
+         is_integer(UpdateCounter), UpdateCounter > 0,
+         is_binary(DocBody) ->
+    gen_server:call(?MODULE,
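Review bot: `get_wrapped_kek/1` consults `config:get_boolean("encryption", "enabled", false)` on every call and returns `{ok, false}` when the flag is off, while `encode/5` and `decode/5` guard on `is_binary(WrappedKEK)`; flipping the flag at runtime would therefore leave some databases with a wrapped KEK and others with `false`, and documents written while it was on can only be read while it stays on. Decide encryption per database at creation time and persist that decision with the KEK, rather than reading the global flag per call.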
 
 Review comment:
   Yes, `private`, thank you. It's more protected in the sense that I can't remsh and read the unwrapped key from ets. If you think this is not a concern then I'll make the worker do the unwrap fetch.


[GitHub] [couchdb] rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396468722
 
 

 ##########
 File path: src/fabric/src/fabric2_encryption_provider.erl
 ##########
 @@ -0,0 +1,69 @@
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+%   http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+-module(fabric2_encryption_provider).
+
+-export([
+    get_kek/1,
+    unwrap_kek/1
+]).
+
+
+get_kek(_DbName) ->
+    case get_mek_iv() of
+        {ok, MEK, IV} ->
+            KEK = crypto:strong_rand_bytes(32),
+            Enc = crypto:stream_init(aes_ctr, MEK, IV),
+            {_, WrappedKEK} = crypto:stream_encrypt(Enc, KEK),
+            {ok, KEK, WrappedKEK};
+        {error, Error} ->
+            {error, Error}
+    end.
+
+
+unwrap_kek(WrappedKEK) ->
+    case get_mek_iv() of
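Review bot: `get_kek(_DbName)` ignores the database name, so nothing binds a wrapped KEK to the database it was generated for; a wrapped key copied from another database's configuration would unwrap without complaint and decrypt with the wrong key. When the wrap moves to an authenticated construction, pass `DbName` as associated data so that mismatch fails at `unwrap_kek/1`.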
 
 Review comment:
   reusing the same Key and IV for different data is a cryptographic no-no.


[GitHub] [couchdb] rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396516323
 
 

 ##########
 File path: src/fabric/src/fabric2_encryption_provider.erl
 ##########
 @@ -0,0 +1,69 @@
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+%   http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+-module(fabric2_encryption_provider).
+
+-export([
+    get_kek/1,
+    unwrap_kek/1
+]).
+
+
+get_kek(_DbName) ->
+    case get_mek_iv() of
+        {ok, MEK, IV} ->
+            KEK = crypto:strong_rand_bytes(32),
+            Enc = crypto:stream_init(aes_ctr, MEK, IV),
+            {_, WrappedKEK} = crypto:stream_encrypt(Enc, KEK),
+            {ok, KEK, WrappedKEK};
+        {error, Error} ->
+            {error, Error}
+    end.
+
+
+unwrap_kek(WrappedKEK) ->
+    case get_mek_iv() of
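Review bot: `get_kek/1` and `unwrap_kek/1` are exported without a `-spec` or a comment stating the format of `WrappedKEK`, yet that format becomes persistent on-disk data in every database's configuration. Document it and give it a version prefix before the first release, so that changing the wrapping scheme later (as this review asks) can be handled by a migration rather than by guessing which format a stored blob is in.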
 
 Review comment:
   we must use a standard key wrapping technique, not one of your own invention. 


[GitHub] [couchdb] rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396465515
 
 

 ##########
 File path: src/fabric/src/fabric2_encryption.erl
 ##########
 @@ -0,0 +1,254 @@
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+%   http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+-module(fabric2_encryption).
+-behaviour(gen_server).
+-vsn(1).
+
+
+-export([
+    start_link/0,
+    get_wrapped_kek/1,
+    encode/5,
+    decode/5
+]).
+
+
+-export([
+    init/1,
+    terminate/2,
+    handle_call/3,
+    handle_cast/2,
+    handle_info/2,
+    code_change/3
+]).
+
+
+-export([
+    do_encode/6,
+    do_decode/6
+]).
+
+
+-define(INIT_TIMEOUT, 60000).
+-define(LABEL, "couchdb-aes256-gcm-encryption-key").
+
+
+start_link() ->
+    gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
+
+
+get_wrapped_kek(DbName) when is_binary(DbName) ->
+    case config:get_boolean("encryption", "enabled", false) of
+        true -> gen_server:call(?MODULE, {get_wrapped_kek, DbName});
+        false -> {ok, false}
+    end.
+
+
+encode(WrappedKEK, DbName, DocId, UpdateCounter, DocBody)
+    when is_binary(WrappedKEK),
+         is_binary(DbName),
+         is_binary(DocId),
+         is_integer(UpdateCounter), UpdateCounter > 0,
+         is_binary(DocBody) ->
+    gen_server:call(?MODULE,
+        {encode, WrappedKEK, DbName, DocId, UpdateCounter, DocBody}).
+
+
+decode(WrappedKEK, DbName, DocId, UpdateCounter, DocBody)
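Review bot: `decode/5` takes the same `UpdateCounter` as `encode/5`, so the counter in force at write time has to be stored next to the ciphertext and handed back unchanged on read; the guards only check `UpdateCounter > 0`, and a stale or re-derived counter would surface as a GCM tag failure rather than a clear error. State that contract in a `-spec` or comment on both functions, and consider naming them `encrypt`/`decrypt`, since `encode`/`decode` suggests a reversible serialisation rather than a keyed operation.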
 
 Review comment:
   `decrypt`


[GitHub] [couchdb] eiri commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
eiri commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396504930
 
 

 ##########
 File path: src/fabric/src/fabric2_encryption.erl
 ##########
 @@ -0,0 +1,254 @@
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+%   http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+-module(fabric2_encryption).
+-behaviour(gen_server).
+-vsn(1).
+
+
+-export([
+    start_link/0,
+    get_wrapped_kek/1,
+    encode/5,
+    decode/5
+]).
+
+
+-export([
+    init/1,
+    terminate/2,
+    handle_call/3,
+    handle_cast/2,
+    handle_info/2,
+    code_change/3
+]).
+
+
+-export([
+    do_encode/6,
+    do_decode/6
+]).
+
+
+-define(INIT_TIMEOUT, 60000).
+-define(LABEL, "couchdb-aes256-gcm-encryption-key").
+
+
+start_link() ->
+    gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
+
+
+get_wrapped_kek(DbName) when is_binary(DbName) ->
+    case config:get_boolean("encryption", "enabled", false) of
+        true -> gen_server:call(?MODULE, {get_wrapped_kek, DbName});
+        false -> {ok, false}
+    end.
+
+
+encode(WrappedKEK, DbName, DocId, UpdateCounter, DocBody)
+    when is_binary(WrappedKEK),
+         is_binary(DbName),
+         is_binary(DocId),
+         is_integer(UpdateCounter), UpdateCounter > 0,
+         is_binary(DocBody) ->
+    gen_server:call(?MODULE,
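Review bot: the third export block publishes `do_encode/6` and `do_decode/6` with no comment; judging by the extra argument they are the worker entry points that receive the unwrapped KEK, and exporting them makes them callable from any process that holds a key. Mark them as internal with a comment and `-spec`, or keep them unexported and spawn the worker with a fun, so that the only public path to a key goes through the server.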
 
 Review comment:
   This is because of the KEK cache. Its ets table is set to `protected`, so only the gen_server can read it; fetching the unwrapped key from a worker would require changing the ets table to `private`, but then any proc could read from it. There is no option to limit this, unfortunately.


[GitHub] [couchdb] eiri closed pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
eiri closed pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685
 
 
   


[GitHub] [couchdb] rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396466434
 
 

 ##########
 File path: src/fabric/src/fabric2_encryption.erl
 ##########
 @@ -0,0 +1,254 @@
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+%   http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+-module(fabric2_encryption).
+-behaviour(gen_server).
+-vsn(1).
+
+
+-export([
+    start_link/0,
+    get_wrapped_kek/1,
+    encode/5,
+    decode/5
+]).
+
+
+-export([
+    init/1,
+    terminate/2,
+    handle_call/3,
+    handle_cast/2,
+    handle_info/2,
+    code_change/3
+]).
+
+
+-export([
+    do_encode/6,
+    do_decode/6
+]).
+
+
+-define(INIT_TIMEOUT, 60000).
+-define(LABEL, "couchdb-aes256-gcm-encryption-key").
+
+
+start_link() ->
+    gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
+
+
+get_wrapped_kek(DbName) when is_binary(DbName) ->
+    case config:get_boolean("encryption", "enabled", false) of
+        true -> gen_server:call(?MODULE, {get_wrapped_kek, DbName});
+        false -> {ok, false}
+    end.
+
+
+encode(WrappedKEK, DbName, DocId, UpdateCounter, DocBody)
+    when is_binary(WrappedKEK),
+         is_binary(DbName),
+         is_binary(DocId),
+         is_integer(UpdateCounter), UpdateCounter > 0,
+         is_binary(DocBody) ->
+    gen_server:call(?MODULE,
+        {encode, WrappedKEK, DbName, DocId, UpdateCounter, DocBody}).
+
+
+decode(WrappedKEK, DbName, DocId, UpdateCounter, DocBody)
+    when is_binary(WrappedKEK),
+         is_binary(DbName),
+         is_binary(DocId),
+         is_integer(UpdateCounter), UpdateCounter > 0,
+         is_binary(DocBody) ->
+    gen_server:call(?MODULE,
+        {decode, WrappedKEK, DbName, DocId, UpdateCounter, DocBody}).
+
+
+
+init(_) ->
+    process_flag(sensitive, true),
+    process_flag(trap_exit, true),
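Review bot: `init/1` sets `process_flag(sensitive, true)` and `process_flag(trap_exit, true)` together, and they pull in different directions: `sensitive` only hides this process's own heap and messages from tracing and crash dumps, while `trap_exit` turns every linked worker's exit into an `'EXIT'` message that `handle_info/2` must now handle, which is what makes this server a supervisor of its own. Any worker that is handed the unwrapped KEK also needs `sensitive` set before the key arrives, otherwise the key is exposed in that worker's crash dump even though it is hidden here.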
 
 Review comment:
   let's try to avoid building another supervisor of our own.


[GitHub] [couchdb] rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396513093
 
 

 ##########
 File path: rel/overlay/etc/default.ini
 ##########
 @@ -699,3 +699,21 @@ compaction = false
 ; log every generated trace by including the following:
 ;
 ; all = (#{}) -> true
+
+[encryption]
+enabled = false
+;
+; To generate master key and initialization vector run the following command
+; ("secret" is an example passphrase here, use something else)
+;
+; `openssl enc -aes-256-ctr -k secret -P -md sha1`
+; output:
+;   salt=FC0D0243C5126FB5
+;   key=9B43A7711CDDE41FE065FC03A14BBD6A177CBD6A4B474A05DEC9798C79B98045
+;   iv =5B3C6478BBC698AAA8CA5BA51DB8FF95
+; Put key in "key.dat" file excluding "key" characters and a carriage return
+; Put iv in "iv.dat" file excluding "iv" characters and a carriage return
+;
+; Keep both files as read-only and owned by couch process.
+; key_file = /var/secured/mount/location/key.dat
+; iv_file = /var/secured/mount/location/iv.dat
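Review bot: the `[encryption]` comments tell operators to generate one static `key` and `iv` pair with `openssl enc -aes-256-ctr -k secret -P -md sha1` and keep both in files. An IV is per-operation state, not key material: a fixed `iv_file` means every wrap under the MEK reuses the same keystream, so `iv_file` should go and the wrapping code should pick a fresh nonce per wrap and store it with the result. The key derivation shown is also weak, since `openssl enc -k` turns a passphrase into a key with a single digest pass; a 32-byte random key (for example from `openssl rand -hex 32`) is the right way to produce the MEK. The sample `key=` and `iv =` values should be replaced with obvious placeholders so they are never pasted into a real deployment.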
 
 Review comment:
   there shouldn't _be_ one.


[GitHub] [couchdb] rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396465147
 
 

 ##########
 File path: src/fabric/src/fabric2_encryption.erl
 ##########
 @@ -0,0 +1,254 @@
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+%   http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+-module(fabric2_encryption).
+-behaviour(gen_server).
+-vsn(1).
+
+
+-export([
+    start_link/0,
+    get_wrapped_kek/1,
+    encode/5,
+    decode/5
+]).
+
+
+-export([
+    init/1,
+    terminate/2,
+    handle_call/3,
+    handle_cast/2,
+    handle_info/2,
+    code_change/3
+]).
+
+
+-export([
+    do_encode/6,
+    do_decode/6
+]).
+
+
+-define(INIT_TIMEOUT, 60000).
+-define(LABEL, "couchdb-aes256-gcm-encryption-key").
+
+
+start_link() ->
+    gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
+
+
+get_wrapped_kek(DbName) when is_binary(DbName) ->
+    case config:get_boolean("encryption", "enabled", false) of
+        true -> gen_server:call(?MODULE, {get_wrapped_kek, DbName});
+        false -> {ok, false}
+    end.
+
+
+encode(WrappedKEK, DbName, DocId, UpdateCounter, DocBody)
+    when is_binary(WrappedKEK),
+         is_binary(DbName),
+         is_binary(DocId),
+         is_integer(UpdateCounter), UpdateCounter > 0,
+         is_binary(DocBody) ->
+    gen_server:call(?MODULE,
 
 Review comment:
   Doing all the crypto work in a single gen_server sounds like a recipe for performance issues, even if we do spawn off worker processes there.
   
   Could we instead a) set the sensitive flag on self(), b) fetch the unwrapped key, c) perform the operation in process, d) unset the sensitive flag?


[GitHub] [couchdb] rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396465879
 
 

 ##########
 File path: src/fabric/src/fabric2_encryption.erl
 ##########
 @@ -0,0 +1,254 @@
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+%   http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+-module(fabric2_encryption).
+-behaviour(gen_server).
+-vsn(1).
+
+
+-export([
+    start_link/0,
+    get_wrapped_kek/1,
+    encode/5,
+    decode/5
+]).
+
+
+-export([
+    init/1,
+    terminate/2,
+    handle_call/3,
+    handle_cast/2,
+    handle_info/2,
+    code_change/3
+]).
+
+
+-export([
+    do_encode/6,
+    do_decode/6
+]).
+
+
+-define(INIT_TIMEOUT, 60000).
+-define(LABEL, "couchdb-aes256-gcm-encryption-key").
+
+
+start_link() ->
+    gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
+
+
+get_wrapped_kek(DbName) when is_binary(DbName) ->
+    case config:get_boolean("encryption", "enabled", false) of
+        true -> gen_server:call(?MODULE, {get_wrapped_kek, DbName});
+        false -> {ok, false}
+    end.
+
+
+encode(WrappedKEK, DbName, DocId, UpdateCounter, DocBody)
+    when is_binary(WrappedKEK),
+         is_binary(DbName),
+         is_binary(DocId),
+         is_integer(UpdateCounter), UpdateCounter > 0,
+         is_binary(DocBody) ->
+    gen_server:call(?MODULE,
+        {encode, WrappedKEK, DbName, DocId, UpdateCounter, DocBody}).
+
+
+decode(WrappedKEK, DbName, DocId, UpdateCounter, DocBody)
+    when is_binary(WrappedKEK),
+         is_binary(DbName),
+         is_binary(DocId),
+         is_integer(UpdateCounter), UpdateCounter > 0,
+         is_binary(DocBody) ->
+    gen_server:call(?MODULE,
+        {decode, WrappedKEK, DbName, DocId, UpdateCounter, DocBody}).
+
+
+
+init(_) ->
+    process_flag(sensitive, true),
+    process_flag(trap_exit, true),
+
+    case init_st() of
+        {ok, St} ->
+            proc_lib:init_ack({ok, self()}),
+            gen_server:enter_loop(?MODULE, [], St, ?INIT_TIMEOUT);
+        Error ->
+            proc_lib:init_ack(Error)
+    end.
+
+
+terminate(_, _St) ->
+    ok.
+
+
+handle_call({get_wrapped_kek, DbName}, _From, #{cache := Cache} = St) ->
+    {ok, KEK, WrappedKEK} = fabric2_encryption_plugin:get_wrapped_kek(DbName),
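Review bot: `handle_call({get_wrapped_kek, DbName}, ...)` match-asserts `{ok, KEK, WrappedKEK} = fabric2_encryption_plugin:get_wrapped_kek(DbName)`, so an `{error, _}` from the provider (a path `fabric2_encryption_provider:get_kek/1` explicitly returns) crashes the whole server and discards the KEK cache for every database; reply with the error to the caller instead. Separately, `init/1` calls `proc_lib:init_ack/1` and `gen_server:enter_loop/4` although the process is started with `gen_server:start_link/4`: on the error branch the `ok` returned by `init_ack(Error)` becomes the return value of `init/1`, which `gen_server` treats as a bad return value after the parent has already been acked. Return `{stop, Reason}` and let `gen_server` do the ack; note also that the fourth argument to `enter_loop` is an idle timeout delivered as `handle_info(timeout, ...)`, not an init timeout as the `?INIT_TIMEOUT` name suggests.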
 
 Review comment:
   can we avoid doing slow external work within the gen_server loop?


[GitHub] [couchdb] eiri commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
eiri commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396486114
 
 

 ##########
 File path: src/fabric/src/fabric2_fdb.erl
 ##########
 @@ -1328,7 +1339,20 @@ doc_to_fdb(Db, #doc{} = Doc) ->
 
     DiskAtts = lists:map(fun couch_att:to_disk_term/1, Atts),
 
-    Value = term_to_binary({Body, DiskAtts, Deleted}, [{minor_version, 1}]),
+    ValueTerm = case WrappedKEK of
+        false ->
+            {Body, DiskAtts, Deleted};
+        _ ->
+            UpdateCounter = get_stat(Db, <<"update_count">>),
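Review bot: `get_stat(Db, <<"update_count">>)` reads the counter inside the write transaction, turning an atomic-add counter into a read-then-write dependency; that is what makes the value unique per transaction, but it also makes every document write in the database conflict on the same key. The `case WrappedKEK of false -> ...; _ -> ...` branch also treats any non-`false` term (`undefined`, an error tuple) as a key; match `WrappedKEK when is_binary(WrappedKEK)` for the encrypted branch and fail loudly on anything else.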
 
 Review comment:
   Stats are using atomic operations; if the counter got updated since the start of this transaction it'll get aborted here and retried, so the counter is guaranteed to be unique in a single transaction.
   
   I have a question though: using read-write on atomic ops kills its performance benefits. Can we use a uuid instead of the update counter? Is it cryptographically solid enough? That would allow us to avoid the "external" monotonic dependency altogether.


[GitHub] [couchdb] rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396515504
 
 

 ##########
 File path: src/fabric/src/fabric2_encryption.erl
 ##########
 @@ -0,0 +1,254 @@
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+%   http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+-module(fabric2_encryption).
+-behaviour(gen_server).
+-vsn(1).
+
+
+-export([
+    start_link/0,
+    get_wrapped_kek/1,
+    encode/5,
+    decode/5
+]).
+
+
+-export([
+    init/1,
+    terminate/2,
+    handle_call/3,
+    handle_cast/2,
+    handle_info/2,
+    code_change/3
+]).
+
+
+-export([
+    do_encode/6,
+    do_decode/6
+]).
+
+
+-define(INIT_TIMEOUT, 60000).
+-define(LABEL, "couchdb-aes256-gcm-encryption-key").
+
+
+start_link() ->
+    gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
+
+
+get_wrapped_kek(DbName) when is_binary(DbName) ->
+    case config:get_boolean("encryption", "enabled", false) of
+        true -> gen_server:call(?MODULE, {get_wrapped_kek, DbName});
+        false -> {ok, false}
+    end.
+
+
+encode(WrappedKEK, DbName, DocId, UpdateCounter, DocBody)
+    when is_binary(WrappedKEK),
+         is_binary(DbName),
+         is_binary(DocId),
+         is_integer(UpdateCounter), UpdateCounter > 0,
+         is_binary(DocBody) ->
+    gen_server:call(?MODULE,
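
Review bot: `get_wrapped_kek/1` returns `{ok, false}` when `[encryption] enabled` is off, but `encode/5` guards on `is_binary(WrappedKEK)`, so every caller has to special-case the boolean before it reaches this API (the `doc_to_fdb` hunk elsewhere in this thread does exactly that with `case WrappedKEK of false -> ...`). A distinct tagged value such as `{ok, disabled}`, together with a `binary() | false` type spec on both functions, would make the contract explicit and keep a stray `false` from ever being treated as key material.
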
 
 Review comment:
   you mean `private` there. a `protected` table can be read by all processes.
   
   in the current code you hand the unwrapped key to another process (`spawn_monitor`). It doesn't appear to be more protected in that process than if we did the work in the calling process.


[GitHub] [couchdb] rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396513647
 
 

 ##########
 File path: src/fabric/src/fabric2_fdb.erl
 ##########
 @@ -1328,7 +1339,20 @@ doc_to_fdb(Db, #doc{} = Doc) ->
 
     DiskAtts = lists:map(fun couch_att:to_disk_term/1, Atts),
 
-    Value = term_to_binary({Body, DiskAtts, Deleted}, [{minor_version, 1}]),
+    ValueTerm = case WrappedKEK of
+        false ->
+            {Body, DiskAtts, Deleted};
+        _ ->
+            UpdateCounter = get_stat(Db, <<"update_count">>),
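
Review bot: `UpdateCounter` is read here with `get_stat/2` while the `write_doc` hunk increments it with `incr_stat/3`, so whether the value is unique per document write depends on transaction ordering and conflict detection that this function cannot see. The value is passed into `fabric2_encryption:encode/5` next to `DocId`, presumably as nonce or key-derivation input for AES-256-GCM; any repeat of the same counter for the same document under the same key means nonce reuse, which in GCM compromises both confidentiality and the authentication tag. Either document the invariant that makes the read-then-increment unique within one transaction, or remove the dependency on the counter and store a fresh random 96-bit nonce alongside the ciphertext.
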
 
 Review comment:
   That would not have a guarantee of uniqueness, which is the only reason we have "update counter" instead of "rev" from the original proposal.


[GitHub] [couchdb] rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396463729
 
 

 ##########
 File path: src/fabric/src/fabric2_encryption.erl
 ##########
 @@ -0,0 +1,254 @@
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+%   http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+-module(fabric2_encryption).
+-behaviour(gen_server).
+-vsn(1).
+
+
+-export([
+    start_link/0,
+    get_wrapped_kek/1,
+    encode/5,
+    decode/5
+]).
+
+
+-export([
+    init/1,
+    terminate/2,
+    handle_call/3,
+    handle_cast/2,
+    handle_info/2,
+    code_change/3
+]).
+
+
+-export([
+    do_encode/6,
+    do_decode/6
+]).
+
+
+-define(INIT_TIMEOUT, 60000).
+-define(LABEL, "couchdb-aes256-gcm-encryption-key").
+
+
+start_link() ->
+    gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
+
+
+get_wrapped_kek(DbName) when is_binary(DbName) ->
+    case config:get_boolean("encryption", "enabled", false) of
+        true -> gen_server:call(?MODULE, {get_wrapped_kek, DbName});
+        false -> {ok, false}
+    end.
+
+
+encode(WrappedKEK, DbName, DocId, UpdateCounter, DocBody)
+    when is_binary(WrappedKEK),
+         is_binary(DbName),
+         is_binary(DocId),
+         is_integer(UpdateCounter), UpdateCounter > 0,
+         is_binary(DocBody) ->
+    gen_server:call(?MODULE,
+        {encode, WrappedKEK, DbName, DocId, UpdateCounter, DocBody}).
+
+
+decode(WrappedKEK, DbName, DocId, UpdateCounter, DocBody)
+    when is_binary(WrappedKEK),
+         is_binary(DbName),
+         is_binary(DocId),
+         is_integer(UpdateCounter), UpdateCounter > 0,
+         is_binary(DocBody) ->
+    gen_server:call(?MODULE,
+        {decode, WrappedKEK, DbName, DocId, UpdateCounter, DocBody}).
+
+
+
+init(_) ->
+    process_flag(sensitive, true),
+    process_flag(trap_exit, true),
+
+    case init_st() of
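
Review bot: `process_flag(sensitive, true)` in `init/1` hides this process's heap and mailbox from tracing and crash dumps, which is the right intent for a KEK cache, but `encode/5` and `decode/5` carry the plaintext `DocBody` through a `gen_server:call` message, so the plaintext still sits in the caller's process with no such protection. A comment stating what `sensitive` does and does not cover would help the next reader; also, `trap_exit` is set here but the hunk cuts off before `terminate/2`, so please confirm it explicitly clears any cached unwrapped KEKs (deleting the ETS table rather than relying on owner-exit cleanup).
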
 
 Review comment:
   this seems elaborate given the implementation of init_st().


[GitHub] [couchdb] rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396459474
 
 

 ##########
 File path: src/fabric/src/fabric2_fdb.erl
 ##########
 @@ -1328,7 +1339,20 @@ doc_to_fdb(Db, #doc{} = Doc) ->
 
     DiskAtts = lists:map(fun couch_att:to_disk_term/1, Atts),
 
-    Value = term_to_binary({Body, DiskAtts, Deleted}, [{minor_version, 1}]),
+    ValueTerm = case WrappedKEK of
+        false ->
+            {Body, DiskAtts, Deleted};
+        _ ->
+            UpdateCounter = get_stat(Db, <<"update_count">>),
+            BinBody = term_to_binary(Body,
+                [{compressed, 0}, {minor_version, 1}]),
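
Review bot: `[{compressed, 0}, {minor_version, 1}]` explicitly disables compression before the body is handed to `fabric2_encryption:encode`; if compression is reinstated as requested, record the trade-off in a comment: ciphertext length then tracks how compressible the body is, so length becomes a side channel on document content unless the encrypted value is padded. Either choice is defensible, but it should be a documented decision rather than an unexplained option.
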
 
 Review comment:
   please compress the body.


[GitHub] [couchdb] rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396469659
 
 

 ##########
 File path: src/fabric/src/fabric2_encryption_provider.erl
 ##########
 @@ -0,0 +1,69 @@
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+%   http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+-module(fabric2_encryption_provider).
+
+-export([
+    get_kek/1,
+    unwrap_kek/1
+]).
+
+
+get_kek(_DbName) ->
+    case get_mek_iv() of
+        {ok, MEK, IV} ->
+            KEK = crypto:strong_rand_bytes(32),
+            Enc = crypto:stream_init(aes_ctr, MEK, IV),
+            {_, WrappedKEK} = crypto:stream_encrypt(Enc, KEK),
+            {ok, KEK, WrappedKEK};
+        {error, Error} ->
+            {error, Error}
+    end.
+
+
+unwrap_kek(WrappedKEK) ->
+    case get_mek_iv() of
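
Review bot: `get_kek/1` wraps every new KEK with `crypto:stream_init(aes_ctr, MEK, IV)` using the same MEK and the same configured IV each time, so every wrapped KEK is XORed with the identical CTR keystream: two wrapped keys XORed together reveal the XOR of the plaintext KEKs, and because CTR carries no integrity, a tampered `WrappedKEK` unwraps to a different key without any error. Use an authenticated wrap instead, for example AES-256-GCM with a fresh random nonce stored next to the wrapped key, or AES Key Wrap (RFC 3394/5649), which also removes the need for a configured IV; this is consistent with the suggestion on this thread to reuse the aegis wrapping code.
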
 
 Review comment:
   (we can use the key wrapping and unwrapping code from aegis instead)


[GitHub] [couchdb] eiri commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
eiri commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396473698
 
 

 ##########
 File path: rel/overlay/etc/default.ini
 ##########
 @@ -699,3 +699,21 @@ compaction = false
 ; log every generated trace by including the following:
 ;
 ; all = (#{}) -> true
+
+[encryption]
+enabled = false
+;
+; To generate master key and initialization vector run the following command
+; ("secret" is an example passphrase here, use something else)
+;
+; `openssl enc -aes-256-ctr -k secret -P -md sha1`
+; output:
+;   salt=FC0D0243C5126FB5
+;   key=9B43A7711CDDE41FE065FC03A14BBD6A177CBD6A4B474A05DEC9798C79B98045
+;   iv =5B3C6478BBC698AAA8CA5BA51DB8FF95
+; Put key in "key.dat" file excluding "key" characters and a carriage return
+; Put iv in "iv.dat" file excluding "iv" characters and a carriage return
+;
+; Keep both files as read-only and owned by couch process.
+; key_file = /var/secured/mount/location/key.dat
+; iv_file = /var/secured/mount/location/iv.dat
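
Review bot: the documented `openssl enc -aes-256-ctr -k secret -P -md sha1` derives the master key from a passphrase with a single SHA-1 pass over passphrase and salt, so the 256-bit key has no more entropy than the passphrase the operator typed, and since the printed salt is never stored, the key cannot be re-derived from the passphrase later anyway. Recommend generating the key directly with `openssl rand -hex 32` and stating in the comment exactly what `key.dat` must contain (64 hex characters, no trailing newline) so the loader's expectations are unambiguous.
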
 
 Review comment:
   Config is writable; my idea is that the key will be kept in a read-only file, with an option to have that file on a separate encrypted mount point.
   
   How do you suggest storing the IV?


[GitHub] [couchdb] rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396456431
 
 

 ##########
 File path: rel/overlay/etc/default.ini
 ##########
 @@ -699,3 +699,21 @@ compaction = false
 ; log every generated trace by including the following:
 ;
 ; all = (#{}) -> true
+
+[encryption]
+enabled = false
+;
+; To generate master key and initialization vector run the following command
+; ("secret" is an example passphrase here, use something else)
+;
+; `openssl enc -aes-256-ctr -k secret -P -md sha1`
+; output:
+;   salt=FC0D0243C5126FB5
+;   key=9B43A7711CDDE41FE065FC03A14BBD6A177CBD6A4B474A05DEC9798C79B98045
+;   iv =5B3C6478BBC698AAA8CA5BA51DB8FF95
+; Put key in "key.dat" file excluding "key" characters and a carriage return
+; Put iv in "iv.dat" file excluding "iv" characters and a carriage return
+;
+; Keep both files as read-only and owned by couch process.
+; key_file = /var/secured/mount/location/key.dat
+; iv_file = /var/secured/mount/location/iv.dat
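
Review bot: `iv_file` turns a fixed IV into long-lived configuration, and the provider hunk reuses it for every key wrap; an IV is per-message data, not a deployment secret, so it does not belong in a config-referenced file at all. If the provider moves to a wrap that generates a nonce per KEK and stores it with the wrapped key, drop `iv_file` here and document only `key_file`, plus the permission check the loader performs (for example refusing a key file readable by other users).
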
 
 Review comment:
   1) not sure why these are external and not inline given the other files are readable by the same user.
   2) storing an IV here makes no immediate sense to me so I worry we have a crypto problem to come.


[GitHub] [couchdb] rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396459776
 
 

 ##########
 File path: src/fabric/src/fabric2_fdb.erl
 ##########
 @@ -1328,7 +1339,20 @@ doc_to_fdb(Db, #doc{} = Doc) ->
 
     DiskAtts = lists:map(fun couch_att:to_disk_term/1, Atts),
 
-    Value = term_to_binary({Body, DiskAtts, Deleted}, [{minor_version, 1}]),
+    ValueTerm = case WrappedKEK of
+        false ->
+            {Body, DiskAtts, Deleted};
+        _ ->
+            UpdateCounter = get_stat(Db, <<"update_count">>),
+            BinBody = term_to_binary(Body,
+                [{compressed, 0}, {minor_version, 1}]),
+            {ok, Encoded} = fabric2_encryption:encode(
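
Review bot: `{ok, Encoded} = fabric2_encryption:encode(` turns any `{error, _}` from the encryption server (unwrap failure, call timeout, server down) into a `badmatch` crash inside `doc_to_fdb`, which surfaces as a generic failure with no hint that the key provider is the cause. Match `{error, Reason}` and raise a descriptive error (or let the caller decide whether to retry), and make sure a failure here can never fall through to writing the plaintext `{Body, DiskAtts, Deleted}` form.
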
 
 Review comment:
   `encode` is not an acceptable synonym for `encrypt`.


[GitHub] [couchdb] rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396465452
 
 

 ##########
 File path: src/fabric/src/fabric2_encryption.erl
 ##########
 @@ -0,0 +1,254 @@
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+%   http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+-module(fabric2_encryption).
+-behaviour(gen_server).
+-vsn(1).
+
+
+-export([
+    start_link/0,
+    get_wrapped_kek/1,
+    encode/5,
+    decode/5
+]).
+
+
+-export([
+    init/1,
+    terminate/2,
+    handle_call/3,
+    handle_cast/2,
+    handle_info/2,
+    code_change/3
+]).
+
+
+-export([
+    do_encode/6,
+    do_decode/6
+]).
+
+
+-define(INIT_TIMEOUT, 60000).
+-define(LABEL, "couchdb-aes256-gcm-encryption-key").
+
+
+start_link() ->
+    gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
+
+
+get_wrapped_kek(DbName) when is_binary(DbName) ->
+    case config:get_boolean("encryption", "enabled", false) of
+        true -> gen_server:call(?MODULE, {get_wrapped_kek, DbName});
+        false -> {ok, false}
+    end.
+
+
+encode(WrappedKEK, DbName, DocId, UpdateCounter, DocBody)
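
Review bot: every `encode/5` and `decode/5` call is a synchronous `gen_server:call(?MODULE, ...)`, so all document encryption and decryption on the node is funneled through a single process; even if the exported `do_encode/6` and `do_decode/6` are spawned out per request, each caller still blocks on one mailbox. Consider keeping only the unwrapped-KEK cache in the server and performing the AES-GCM work in the calling process, and add a benchmark before merging, since this sits on the write and read path of every document.
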
 
 Review comment:
   this function performs a cryptographic encryption not a mere encoding. rename to `encrypt` for clarity.


[GitHub] [couchdb] rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396459254
 
 

 ##########
 File path: src/fabric/src/fabric2_fdb.erl
 ##########
 @@ -808,10 +816,11 @@ write_doc(#{} = Db0, Doc, NewWinner0, OldWinner, ToUpdate, ToRemove) ->
             ok
     end,
 
-    % Update database size
+    % Update database size and db's update counter
     AddSize = sum_add_rev_sizes([NewWinner | ToUpdate]),
     RemSize = sum_rem_rev_sizes(ToRemove),
     incr_stat(Db, <<"sizes">>, <<"external">>, AddSize - RemSize),
+    incr_stat(Db, <<"update_count">>, 1),
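
Review bot: `incr_stat(Db, <<"update_count">>, 1)` makes the counter a per-database value that `doc_to_fdb` reads as nonce or derivation input for every encrypted document, so the comment above should state the invariant being relied on: the read and the increment happen in the same transaction, and no other write path to the document value bypasses `write_doc`. A test that performs two concurrent updates of the same document and asserts they were encrypted with different counter values would pin this down.
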
 
 Review comment:
   This increment will only happen if the transaction succeeds. 


[GitHub] [couchdb] rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
rnewson commented on a change in pull request #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#discussion_r396460595
 
 

 ##########
 File path: src/fabric/src/fabric2_fdb.erl
 ##########
 @@ -1328,7 +1339,20 @@ doc_to_fdb(Db, #doc{} = Doc) ->
 
     DiskAtts = lists:map(fun couch_att:to_disk_term/1, Atts),
 
-    Value = term_to_binary({Body, DiskAtts, Deleted}, [{minor_version, 1}]),
+    ValueTerm = case WrappedKEK of
+        false ->
+            {Body, DiskAtts, Deleted};
+        _ ->
+            UpdateCounter = get_stat(Db, <<"update_count">>),
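
Review bot: the `_ ->` branch of `case WrappedKEK of` treats any non-`false` value as a valid wrapped key, while `fabric2_encryption:encode/5` guards with `is_binary(WrappedKEK)`; an unexpected value such as `undefined` from an older database record would then fail deep inside the encode call instead of here. Match `WrappedKEK when is_binary(WrappedKEK) ->` explicitly and fail fast on anything else.
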
 
 Review comment:
   that we fetch this stat and use it without guaranteeing it is unique is a serious problem. the update happens elsewhere.


[GitHub] [couchdb] davisp commented on issue #2685: [WIP] Implement per database encryption for primary data

Posted by GitBox <gi...@apache.org>.
davisp commented on issue #2685: [WIP] Implement per database encryption for primary data
URL: https://github.com/apache/couchdb/pull/2685#issuecomment-602736491
 
 
   I'm gonna leave all the encryption related stuff to @rnewson and others that know better. My only concern was already called out about having a single `gen_server` handling all of that work. Though looks like there's been changes there already.
