Hi Jason, please first create an according JIRA and link the PR there. Thanks, Konrad
> On 20. Nov 2017, at 14:50, Jason Bailey <jason.bai...@sas.com> wrote: > > So I'm just about done implementing this. > > https://github.com/JEBailey/sling-encrypt > > Value level encryption. IV is stored inline so there's no repetition. > Accessing encrypted data via the EncryptionValueMap will decode it > automatically on access and will handle automatically encrypting values if an > encrypted value is updated. > > Only problem I had besides catching up on the last 15 years of cryptography > was that the downstream application I use has a non configurable whitelist > filter for post processors that contain an '@' So I had to make the post > processor configurable. > > As mentioned earlier I wrote this with the intention of donating. I tried to > make it as easy as possible for it to be pulled into where it needs to go. > > However I don't know the process for Donating. Can someone point me the way > or to some documentation? > > Thanks. > -Jason > > -----Original Message----- > From: Justin Edelson [mailto:jus...@justinedelson.com] > Sent: Friday, November 03, 2017 3:37 PM > To: dev@sling.apache.org > Subject: Re: value level encryption > > EXTERNAL > > In AEM, posting encrypted properties to /etc/cloudservices is historically > the primary use case for @Encrypted, but the PostProcessor applies to all > post requests. > > I think this would be a useful addition to Sling. We may want to have some > kind of SPI to support different encryption schemes, but that's an > implementation detail. > > Regards, > Justin > > > On Fri, Nov 3, 2017 at 2:48 PM Jason Bailey <jason.bai...@sas.com> wrote: > >> They only docs I can find on that, assuming we're talking AEM, >> mentions it only works for posting things into /etc/cloudservices. So that's >> out. >> It's been a while, but I'm under the impression that all >> implementations of the java platform now come with a certain level of >> crypto >> >> https://docs.oracle.com/javase/8/docs/api/javax/crypto/Cipher.html >> >> I'd probably add a configuration so you could define the level of >> cryptography, and then that would allow people who needed a higher >> level to install their own providers. Is this something that Sling >> would be interested in? Since I'm going to be writing this, if you're >> interested, I'd rather write it with the intent of directly donating it. >> >> >> >> -----Original Message----- >> From: Justin Edelson [mailto:jus...@justinedelson.com] >> Sent: Friday, November 03, 2017 1:35 PM >> To: dev@sling.apache.org >> Subject: Re: value level encryption >> >> EXTERNAL >> >> We have this in our commercial product. At a high level, the way it >> works is that there is a PostProcessor which looks for an @Encrypted >> postfixed property and, if that is present, the corresponding property >> is stored in an encrypted fashion. Decryption is all done manually, >> although personally the idea of an EncryptionValueMap seems really cool to >> me. >> >> I believe the challenge in bringing this into Sling relates to the >> encryption libraries. >> >> On Fri, Nov 3, 2017 at 8:45 AM Jason Bailey <jason.bai...@sas.com> wrote: >> >>> Here's the use case >>> >>> My organization has decided that to conform to the GDPR, any >>> sensitive data should be encrypted while at rest. From a Sling >>> perspective that is a challenge since we've empowered the authors to >>> create forms the way they want. So to be on the safe side, we're >>> looking at encrypting all form fields as they are persisted, and >>> then decrypting the values from the resource when we need to processes >>> them. >>> >>> Now I'm thinking of an EncryptionValueMap that will simplify this >>> process and encapsulate the functionality. You guys are usually >>> ahead of me when I come up with this stuff and I don't like >>> replicating effort. So is there any functionality currently or >>> planned to handle encryption of resource values? >>> >>> Thanks >>> Jason >>> >>
