fix: at_auth : use different IVs for encrypting encryptionPrivateKey and selfEncryptionKey. #735

Merged

@sitaram-kalluri (Member) commented Dec 11, 2024

- What I did

  • In the at_auth package, remove the usage of the legacy Initialization Vector.
  • In the enroll approval flow, instead of legacy IVs, generate random IVs for encrypting the "defaultEncryptionPrivateKey" and "selfEncryptionKey" in the APKAM flow.
  • The primary reason for storing the encrypted keys is to share defaultEncryptionPrivateKey and defaultSelfEncryptionKey with the app requesting enrollment access. This process is fully handled by the enroll:approve command. Therefore, remove the defaultEncryptionPrivateKey and defaultSelfEncryptionKey when submitting the initial enrollment request (enroll:request command).

@sitaram-kalluri changed the title from "fix: Use different IVs for encrypting encryptionPrivateKey and selfEncryptionKey." to "fix: at_auth : use different IVs for encrypting encryptionPrivateKey and selfEncryptionKey." Dec 11, 2024
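
Why sharing one IV across the two keys matters, as an added example that is not code from this PR or from the at_auth package. It uses an HMAC-SHA256 keystream as a stand-in for a CTR-style cipher (the PR does not state the cipher mode); the wrapping key, sample secrets, all-zero legacy IV and function names are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; not real keys.
WRAPPING_KEY = bytes(range(32))
ENC_PRIVATE_KEY = b"constructed-encryption-private-key"
SELF_ENC_KEY = b"constructed-self-encryption-key"
PLAIN = {"encryptionPrivateKey": ENC_PRIVATE_KEY, "selfEncryptionKey": SELF_ENC_KEY}
LEGACY_IV = bytes(16)  # assumption: the legacy IV modeled as a fixed all-zero value

def keystream(key, iv, length):
    """Stand-in for a CTR-mode cipher: HMAC-SHA256(key, iv || counter) blocks."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def encrypt(key, iv, data):
    return xor(data, keystream(key, iv, len(data)))

decrypt = encrypt  # XOR with the same keystream inverts itself

def wrap_with_shared_iv(key, secrets_by_name, iv=LEGACY_IV):
    """Before: every secret is encrypted under the same key and the same IV."""
    return {n: {"iv": iv, "ct": encrypt(key, iv, s)} for n, s in secrets_by_name.items()}

def wrap_with_random_ivs(key, secrets_by_name):
    """After: a fresh random IV per secret, kept next to its ciphertext."""
    wrapped = {}
    for name, s in secrets_by_name.items():
        iv = secrets.token_bytes(16)
        wrapped[name] = {"iv": iv, "ct": encrypt(key, iv, s)}
    return wrapped

def keystream_reused(wrapped, plain, a, b):
    """True when ct_a XOR ct_b equals pt_a XOR pt_b, i.e. the keystream cancels out."""
    return xor(wrapped[a]["ct"], wrapped[b]["ct"]) == xor(plain[a], plain[b])
```

With a shared IV, anyone holding both ciphertexts learns the XOR of the two secrets without the wrapping key; with per-secret random IVs that relation no longer holds, and each IV must travel with its ciphertext so the receiver can decrypt.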
murali-shris previously approved these changes Dec 11, 2024
@murali-shris self-requested a review December 11, 2024 08:03

@gkc (Contributor) left a comment

functional tests are failing

@sitaram-kalluri (Member, Author)

> functional tests are failing

@gkc: The functional tests are failing because the at_onboarding_cli functional tests run on the "prod" server of the secondary server. The changes related to different IVs are merged to the trunk branch, and we are yet to release into canary and prod.

Also, can we have two jobs where functional tests run on the trunk version of the secondary server and the prod version of the secondary server? Or shall we modify the existing one to run only on trunk?

@sitaram-kalluri requested a review from gkc December 11, 2024 12:24

@sitaram-kalluri (Member, Author)

> functional tests are failing

The functional tests pass now.

gkc previously approved these changes Dec 11, 2024
@sitaram-kalluri merged commit 607894d into trunk Dec 12, 2024
13 checks passed