Migrate to symmetric encryption for passwords #1462
Conversation
3nprob
force-pushed
the
aes-passkey
branch
2 times, most recently
from
7e28b54
to
4030d79
Compare
* RSA is slow and can't encrypt longer texts than key length * Derive AES key from private key to avoid breaking config schema
|
Seems fine to me – I wonder if we want to actually migrate the old passwords though, to be able to cut out that code path. @Half-Shot? |
|
@tadzik My 5c: Yes, ideally:
However;
I see two options:
So IMO it would be best to treat this in isolation from that and address migration/changing config in separate PR(s) to not have this be blocked. Step by step :) |
|
Completely separate from the above, but a CLI utility for re-encrypting passwords with a new key will also be generally useful to do rotation of the encryption key, either as part of a security routine, or if the encryption key is suspected to be compromised (like if someone mistakenly checks it into git etc) |
|
Just my two cents on this (and they are really minor): We should not require inlining secrets into the configuration files. I'd much rather have those as a separate file that can be loaded and managed like a secret. I treat configuration files as mostly public in my deployments. |
|
@tadzik @Half-Shot @jaller94 How would you like to move forward with this? |
I may be missing some context on why it was decided to use an RSA private key for symmetrically encrypting a database field.
While it's perfectly secure, it has drawbacks over AES:
This changes the encryption scheme from RSA to AES-256-GCM.
To dodge implementing key rotation logic and make this change transparent for users, the AES key is constructed from the hash of the existing private key. Decryption of both modes works transparently.
The real motivation for this change is to facilitate introducing a new encrypted column for per-user SASL keys in #1463