Crypto Shredding Serialization/Deserialization Support #221

Open
diegosasw opened this issue May 26, 2023 · 0 comments
Labels
enhancement (New feature or request)

Comments

@diegosasw

Is your feature request related to a problem? Please describe.
Event Stores are immutable. There are several techniques to protect sensitive information. Crypto Shredding is the process of encrypting sensitive data, associating it with a resource owner (the person who owns the data), and being able to dispose of the encryption key when the person exercises the right to be forgotten.

Describe the solution you'd like
A built-in crypto-shredding mechanism where sensitive data in an event could be marked with a [PersonalData] attribute, or similar, and where the resource owner (e.g. the person Id) could be marked with a [DataSubjectId] attribute, or similar, would be ideal. It could follow a similar approach to this one

where the serialization process

  1. Checks whether the event has a [DataSubjectId] attribute
  2. If there is one, it retrieves a new or existing symmetric encryption key from a repository (AKS, in memory or whichever)
  3. It looks for all the properties within the event, at root level or nested, with the [PersonalData] attribute, and it uses the encryption key to encrypt the value, so that it's stored as a string or base64 string property in the JSON. The encrypted value could have a specific suffix (e.g. '.crypto') which makes it explicit that the value is not the original one but the encrypted one.
  4. It saves the DataSubjectId value as a key value pair entry in the event metadata, so that it comes in handy later on when deserializing

and the deserialization process

  1. Checks whether the event JSON has a DataSubjectId value in the metadata
  2. It retrieves the encryption key from the repository
  3. If the key exists, it decrypts every encrypted value (i.e. the values with suffix '.crypto') during deserialization
  4. If the key does not exist, it sets the default value or masks it (e.g. "", "***" or null for strings, 0 for numbers, false for booleans, etc.)

Describe alternatives you've considered
An alternative would be to provide a contract IEventSerializer where we could register our own. But this IEventSerializer would need to also have access to write/read metadata for the above approach to work.

Then we could create serializers with Newtonsoft or System.Text.Json
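
A sketch of the serialization and deserialization flow described in the issue, written as an added example here (it is not Eventuous code, nor the linked approach): a hypothetical UserRegistered event, the hypothetical DataSubjectIdAttribute/PersonalDataAttribute markers, an in-memory dictionary standing in for the key repository, one AES-256-GCM key per data subject, the '.crypto' value suffix, and the DataSubjectId carried in the metadata of the stored envelope. It only walks root-level properties; nested ones would need the same reflection applied recursively.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text.Json;
using System.Text.Json.Nodes;
[AttributeUsage(AttributeTargets.Property)] public sealed class DataSubjectIdAttribute : Attribute { }
[AttributeUsage(AttributeTargets.Property)] public sealed class PersonalDataAttribute : Attribute { }
public record UserRegistered([property: DataSubjectId] string UserId, [property: PersonalData] string Email, int Plan); // hypothetical event

public static class CryptoShredding
{
    const string Suffix = ".crypto";
    static readonly Dictionary<string, byte[]> Keys = new();   // stand-in for the key repository (a KMS or vault in production)
    public static void Shred(string subjectId) => Keys.Remove(subjectId);   // right to be forgotten: only the key is deleted, events stay
    static IEnumerable<System.Reflection.PropertyInfo> Marked<TAttr>(Type t) => t.GetProperties().Where(p => p.IsDefined(typeof(TAttr), false));
    public static string Serialize<TEvent>(TEvent evt)
    {
        var data = JsonSerializer.SerializeToNode(evt)!.AsObject();
        var subjectId = Marked<DataSubjectIdAttribute>(typeof(TEvent)).FirstOrDefault()?.GetValue(evt)?.ToString();   // 1. is there a data subject?
        var key = subjectId == null ? null : Keys.TryGetValue(subjectId, out var k) ? k : (Keys[subjectId] = RandomNumberGenerator.GetBytes(32)); // 2. new or existing key
        if (key != null) foreach (var p in Marked<PersonalDataAttribute>(typeof(TEvent)))                              // 3. encrypt every marked value
            data[p.Name] = Encrypt(key, data[p.Name]?.ToJsonString() ?? "null") + Suffix;
        return new JsonObject { ["data"] = data, ["metadata"] = new JsonObject { ["DataSubjectId"] = subjectId } }.ToJsonString(); // 4. subject id in metadata
    }
    public static TEvent Deserialize<TEvent>(string json)
    {
        var envelope = JsonNode.Parse(json)!.AsObject(); var data = envelope["data"]!.AsObject();
        var subjectId = envelope["metadata"]?["DataSubjectId"]?.GetValue<string>();          // 1. subject id from metadata
        var key = subjectId != null && Keys.TryGetValue(subjectId, out var k) ? k : null;   // 2. null once the key was shredded
        foreach (var p in Marked<PersonalDataAttribute>(typeof(TEvent)))
            if (data[p.Name] is JsonValue v && v.TryGetValue<string>(out var s) && s.EndsWith(Suffix))
                data[p.Name] = key != null ? JsonNode.Parse(Decrypt(key, s[..^Suffix.Length]))   // 3. decrypt while the key exists
                                           : Mask(p.PropertyType);                               // 4. otherwise mask or default
        return data.Deserialize<TEvent>()!;
    }
    static JsonNode? Mask(Type t) => t == typeof(string) ? JsonValue.Create("***") : JsonSerializer.SerializeToNode(t.IsValueType ? Activator.CreateInstance(t) : null, t);
    static string Encrypt(byte[] key, string plaintext)   // AES-256-GCM; stored form is base64(nonce || ciphertext || tag)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(12), plain = System.Text.Encoding.UTF8.GetBytes(plaintext), cipher = new byte[plain.Length], tag = new byte[16];
        using (var aes = new AesGcm(key)) aes.Encrypt(nonce, plain, cipher, tag);
        return Convert.ToBase64String(nonce.Concat(cipher).Concat(tag).ToArray());
    }
    static string Decrypt(byte[] key, string b64)
    {
        byte[] blob = Convert.FromBase64String(b64), plain = new byte[blob.Length - 28];
        using (var aes = new AesGcm(key)) aes.Decrypt(blob[..12], blob[12..^16], blob[^16..], plain);   // wrong key or tampered tag throws
        return System.Text.Encoding.UTF8.GetString(plain);
    }
}
```

Serialize(new UserRegistered("user-42", "alice@example.com", 2)) stores Email as a base64 ciphertext ending in .crypto with metadata {"DataSubjectId":"user-42"}, and Deserialize<UserRegistered> recovers the address until Shred("user-42") is called, after which it returns "***" for Email while Plan stays readable.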

@alexeyzimarev added the "enhancement (New feature or request)" label on Sep 10, 2024