[Koha-bugs] [Bug 32078] We should have an easy way for an administrator to update the encryption keys
bugzilla-daemon at bugs.koha-community.org
Wed Nov 2 23:53:24 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32078
David Cook <dcook at prosentient.com.au> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dcook at prosentient.com.au
--- Comment #1 from David Cook <dcook at prosentient.com.au> ---
Good call on adding functionality for key rotation!

The tricky thing is that we don't currently have a way of noting which key was
used to encrypt which field.

In master, I'm only seeing Koha::Encryption used in Koha::Patron, and within
Koha::Patron it's used in the function "encode_secret".

So we could put a "key_id" or "encrypt_key_id" field in the patron table row,
and then look up the key that way.

Then the re-encryption tool could take a source ID and a destination ID for
doing the re-encryption.

If we wanted to automate it more, we could add additional metadata to the keys
to indicate something like "revoked", "preferred", or whatever. But I think
recording the key ID would be the first step. (You can see this all over AWS
with KMS IDs.)
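The key-ID bookkeeping proposed in Comment #1, as an added example (not part of the original comment and not Koha code): each stored value carries the ID of the key that encrypted it, and a re-encryption pass takes a source ID and a destination ID. The keyring, the in-memory rows and all function names are hypothetical, and it assumes Crypt::CBC with CryptX's AES is installed.

```perl
use strict; use warnings;
use Crypt::CBC;    # assumption: Crypt::CBC and CryptX (Crypt::Cipher::AES) are installed

# Constructed keyring (key_id => passphrase); real keys belong in protected config.
my %KEYRING = ( k2021 => 'constructed-old-passphrase', k2022 => 'constructed-new-passphrase' );

# Build a cipher object for a key ID; an unknown ID is a hard error.
sub cipher_for {
    my ($key_id) = @_;
    my $pass = $KEYRING{$key_id} // die "unknown key_id '$key_id'\n";
    return Crypt::CBC->new( -key => $pass, -cipher => 'Cipher::AES' );
}

# Encrypt a value and return it together with the ID of the key that was used.
sub encrypt_field {
    my ( $key_id, $plaintext ) = @_;
    return { secret => cipher_for($key_id)->encrypt_hex($plaintext), key_id => $key_id };
}

# Decryption picks the key from the row's own key_id, never by trial and error.
sub decrypt_field {
    my ($row) = @_;
    return cipher_for( $row->{key_id} )->decrypt_hex( $row->{secret} );
}

# Re-encrypt rows tagged with $src_id under $dst_id. Rows with any other key_id
# are left alone, so an interrupted run can simply be started again.
sub reencrypt {
    my ( $rows, $src_id, $dst_id ) = @_;
    cipher_for($_) for $src_id, $dst_id;    # fail before touching any row
    my $count = 0;
    for my $row ( grep { defined $_->{key_id} && $_->{key_id} eq $src_id } @$rows ) {
        my $plain = decrypt_field($row);
        my $new   = encrypt_field( $dst_id, $plain );
        # Check the round trip before replacing the stored value.
        die "verification failed for row $row->{id}\n" unless decrypt_field($new) eq $plain;
        @{$row}{qw(secret key_id)} = @{$new}{qw(secret key_id)};
        $count++;
    }
    return $count;
}

# Constructed rows standing in for patron records.
my @rows = (
    { id => 1, %{ encrypt_field( 'k2021', 'constructed-secret-A' ) } },
    { id => 2, %{ encrypt_field( 'k2022', 'constructed-secret-B' ) } },
);
printf "re-encrypted %d row(s)\n", reencrypt( \@rows, 'k2021', 'k2022' );
printf "row %d: key_id=%s plaintext=%s\n", $_->{id}, $_->{key_id}, decrypt_field($_) for @rows;
```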