NAME
Crypt::NamedKeys - A Crypt::CBC wrapper with key rotation support
SYNOPSYS
use Crypt::NamedKeys;
my $crypt = Crypt::NamedKeys->new(keyname => 'href');
my $encrypted = $crypt->encrypt_data(data => $href);
my $restored_href = $crypt->decrypt_data(
data => $encrypted->{data},
mac => $encrypted->{mac},
);
DESCRIPTION
This module provides functions to serialize data for transfer via non-protected channels with encryption and data integrity protection. The module tracks key number used to encrypt information so that keys can be rotated without making data unreadable.
CONFIGURATION AND KEY ROTATION
The keys are stored in the keyfile, configurable as below. Keys are numbered starting at 1. Numbers must never be reused. Typically key rotation will be done in several steps, each with its own rollout. These steps MUST be done as separate releases because otherwise keys may not be available to decrypt data, and so things may not work.
keyfile location
The keyfile can be set using the keyfile($path) function. There is no default.
keyfile format
The format of the keyfile is YAML, following a basic structure of
keyname:
[keyhashdef]
so for example:
cryptedfeed:
default_keynum: 9
none: queith7eeTh0teejaichoodobooX9ceechee9Sai9gauChiengaeraew3aDiehei
1: aePh8ahBaNg1bee6ohj3er5cuzeepoophai1oogohpoixothah4AuYiongu4ahta
2: oht1eep8uxoo1eeshaSaemee9aem5chahqueu0Aedaa7eeXae9aeghe5umoNah6a
3: chigh4veifoofe0Vohphee4ohkaef9giz2iaje2ahF4ohboSh6ifaiNgohwohchi
4: Ahphahmisaingo5Ietheangeegi5ia1uuF9taerooShaitoh1Eophig3ohziejet
5: oe5wi2equee6FeiZohjah2peas6Ahquohniefeimai0beip2waxeizoo1OhthohN
6: eigaezee3CeuC8phae4giph6Miqu6piy3Eideipahticesheij7se9eecai9fiez
7: DuuGhohViGh0Sheihahr6ce4Phuin7ahpaiSa5jaiphie3eiz8oa3dohrohghuow
8: ahfoniemah4boemeN8seJ7hohhualeetei7aegohhai5ohwahlohnah2Ee2Ewal1
9: Ceixei4shelohxee1ohdoochuliebael1kae8eit0Geeth1so9fohZi0cohs8go4
10: boreiDe0shueNgie7shai7ooc1yaeveiKeihuox0xahp1hai8phe7aephiel2oob
In general we assume key spefications to use numeric keys within the named key hash. This makes key rotation a lot easier and prevents reusing key numbers.
Key names may not contain = or -.
All keys listed can be used for decryption (with the special 'none' key used if no key number is specified in the cyphertex), but by default only the default keynumber (default_keynum, in this case 9) is used for encrypting.
The keynumber is specified in the resulting cyphertext so we know which key to use for decrypting the cyphertext even if we don't try to decrypt it. This allows:
- Key checking
-
If you store cyphertext in your rdbms, you can check which keys are used before you remove decryption support for a key.
- Orderly key rotation
-
You can add a key, and later depricate it, managing the transition (and perhaps even using logging to know when the old key is no longer needed).
Step 1: Adding a New Key
In many cases you need to be able to add and remove keys without requiring that everything gets the new keys at the same time. For example if you have multiple production systems, they are likely to get updated in series, and if you expect that everyone gets the keys at the same time, timing issues may occur.
For this reason, we recommend breaking up the encryption key rollout into a number of steps. The first one is making sure that everyone can use the new key to decrypt before anyone uses it to encrypt.
The first release is by adding a new key so that it is available for decryption.
For example, in the keyfile suppose one has:
mykey:
default_keynum: 1
none: rsdfagtiaueIUPOIUYHH
1: rsdfagtiaueIUPOIUYHH
We might add another line
2: IRvswqerituq-HPIOHJHGdeewrwyugfrGRSe3eyy6te
Once this file is released, the key number 2 will be available globally for decryption purposes, but everything will still be encrypted using key number 1.
This means it is safe then to go onto the second step.
Step 2: Setting the new key as default
Once the new keys have been released, the next step is to change the default keynumber. Data encrypted in this way will be available even to servers waiting to be updated because the keys have previously been rolled out. To do this, simply change the default_keynum:
mykey:
default_keynum: 1
1: rsdfagtiaueIUPOIUYHH
2: IRvswqerituq-HPIOHJHGdeewrwyugfrGRSe3eyy6te
becomes:
mykey:
default_keynum: 2
1: rsdfagtiaueIUPOIUYHH
2: IRvswqerituq-HPIOHJHGdeewrwyugfrGRSe3eyy6te
Now all new data will be encrypted using keynumber 2.
Step 3: Retiring the old key
Once the old key is no longer being used, it can be retired by deleting the row.
The Special 'none' keynum
For aes keys before the key versioning was introduced, there is no keynum associated with the cyphertext, so we use this key.
CONFIGURATION PARAMETERS
$Crypt::NamedKeys::Escape_Eq;
Set to true, using local or not, if you want to encode with - instead of =
Note that on decryption both are handled.
PROPERTIES
keynum
Defaults to the default keynumber specified in the keyfile (for encryption)
keyname
The name of the key in the keyfile.
METHODS AND FUNCTIONS
Crypt::NamedKeys->keyfile($path)
Can also be called as Crypt::NamedKeys::keyfile($path)
Sets the path of the keyfile. It does not load or reload it (that is done on demand or by reload_keyfile() below
reload_keyhash
Can be called as an object method or function (i.e. Crypt::NamedKeys::reload_keyhash()
Loads or reloads the keyfile. Can be used via event handlers to reload confguration as needed
$self->encrypt_data(data => $data)
Serialize $data to JSON, encrypt it, and encode as base64. Also compute HMAC code for the encrypted data. Returns hash reference with 'data' and 'mac' elements.
Args include
- data
-
Data structure reference to be encrypted
- cypher
-
Cypher to use (default: Rijndael)
$self->decrypt_data(data => $data, mac => $mac)
Decrypt data encrypted using encrypt_data. First checks HMAC code for data. If data was not tampered, decrypts it and decodes from JSON. Returns data, or undef if decryption failed.
$self->encrypt_payload(data => $data)
Encrypts data using encrypt_data and returns result as a string including both cyphertext and hmac in base-64 format. This can work on arbitrary data structures, scalars, and references provided that the data can be serialized as an attribute on a JSON document.
$self->decrypt_payload(value => $value)
Accepts payload encrypted with encrypt_payload, checks HMAC and decrypts the value. Returns decripted value or undef if check or decryption has failed.