Interface EncryptionServer

All Known Implementing Classes: InMemoryEncryptionServerImpl

public interface EncryptionServer

The EncryptionServer takes CipherVersion instances generated by an EncryptionService for a provided namespace. A CipherVersion provided to the encryption server (by an EncryptionService) is persisted so that the DecryptionServer can access this CipherVersion. When persisting, the CipherVersion's cipher UID is checked against the CipherVersion instances already persisted; if a CipherVersion with the same cipher UID already exists, the new one is rejected where necessary (such collisions can be avoided with good cipher UIDs).

Regarding the implementation of the EncryptionServer, securely persisting can be done with the public key of an asymmetric encryption approach so that only the DecryptionService can get the plain text ciphers from the CipherVersion instances. To avoid transmitting plain text CipherVersion instances from the EncryptionService to the EncryptionServer, the EncryptionService should already encrypt the CipherVersion with the according public key so that the EncryptionServer always receives encrypted CipherVersion instances.

The forward secrecy cryptography infrastructure supports EncryptionServer instances which only need to take care of persisting the CipherVersion instances and retrieving them. Encryption and decryption can be done in the according service layers. E.g. the EncryptionService uses a public key to encrypt the cipher of a CipherVersion instance and passes it to the EncryptionServer, which just stores the CipherVersion without any additional encryption. A DecryptionService in turn requests the CipherVersion instances with the encrypted ciphers from the DecryptionServer and decrypts the ciphers with the according private key. Another, more complex approach is described for the DecryptionServer.

By replacing the implementation of the EncryptionServer, the way CipherVersion instances are persisted can be changed easily.
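
The public-key arrangement described above, as an added example that is not the library's own code: the encryption side seals the cipher before the store sees it, the store only persists and rejects a reused cipher UID, and only the private-key holder recovers the plain text. SealedCipherVersion and InMemoryStore are hypothetical stand-ins for CipherVersion and an EncryptionServer implementation; RSA-OAEP from the JDK and per-namespace UID uniqueness are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Cipher;

public class SealedCipherStoreDemo {
    // Hypothetical stand-in for a CipherVersion: a cipher UID plus the already encrypted cipher.
    record SealedCipherVersion(String uid, byte[] encryptedCipher) {}

    // Hypothetical stand-in for the server side: it only persists and never sees plain text.
    static class InMemoryStore {
        private final Map<String, SealedCipherVersion> store = new ConcurrentHashMap<>();

        void add(String namespace, SealedCipherVersion cv) {
            // putIfAbsent is atomic, so two concurrent writers cannot both claim one UID.
            // Assumption: UIDs are unique per namespace; "/" must not occur in the namespace.
            if (store.putIfAbsent(namespace + "/" + cv.uid(), cv) != null) {
                throw new IllegalStateException("cipher UID already in use: " + cv.uid());
            }
        }
        SealedCipherVersion get(String namespace, String uid) { return store.get(namespace + "/" + uid); }
    }

    static byte[] rsa(int mode, Key key, byte[] data) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(mode, key);
        return rsa.doFinal(data);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair decryptionSide = gen.generateKeyPair(); // private key stays with the decryption service

        InMemoryStore server = new InMemoryStore();
        byte[] cipher = "constructed-sample-cipher".getBytes(StandardCharsets.UTF_8); // constructed value

        // Encryption service side: seal with the public key before handing over.
        server.add("demo-namespace", new SealedCipherVersion("uid-0001",
                rsa(Cipher.ENCRYPT_MODE, decryptionSide.getPublic(), cipher)));
        try { // A second version with the same UID is rejected.
            server.add("demo-namespace", new SealedCipherVersion("uid-0001", new byte[0]));
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // Decryption service side: only the private-key holder recovers the cipher.
        byte[] plain = rsa(Cipher.DECRYPT_MODE, decryptionSide.getPrivate(),
                server.get("demo-namespace", "uid-0001").encryptedCipher());
        System.out.println(new String(plain, StandardCharsets.UTF_8));
    }
}
```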

Method Summary

Modifier and Type: void
Method: addCipherVersion(java.lang.String aNamespace, CipherVersion aCipherVersion)
Description: Adds a CipherVersion to the EncryptionServer.

Method Detail

addCipherVersion

void addCipherVersion(java.lang.String aNamespace, CipherVersion aCipherVersion) throws CipherUidAlreadyInUseException

Adds a CipherVersion to the EncryptionServer.

Parameters:
aNamespace - The namespace for which to add the cipher.
aCipherVersion - The CipherVersion to be added.

Throws:
CipherUidAlreadyInUseException - in case the given cipher UID has already been used.