Session store that will store encrypted Session[_] data into a backend
TODO: This is silly, let's remove this EncryptedDataEncoder type and treat Session as a Functor, apply the encryption
and decryption with mixins into the base SessionStore
Generate random data from a decent PRNG
Mixin for being able to sign bytes. It implements HMAC; a decent hashing algorithm such as SHA256 is recommended.
Base components needed for a symmetric key. Utilized by CryptKey.
After some investigation into prototyping and fast ciphers, I have a few observations and an implementation. Observations:
Implementation Details: I have chosen to make the IV be the SignedId.Entropy, since it is unique but predictable and public. The key then becomes the hashed SecretKey which is private.
CryptKey := AES-GCM( Key , Iv )
Key := PBKDF2WithHmacSHA1( SecretKey )
Iv := SignedId.Entropy
This means that all sessions will be encrypted with the same secret, but they will have a unique IV based on the entropy of the session id. Note: secrets are rotated daily.
Alternatively, you could create a new SignedId every time Session data is stored.
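The construction above, written out against the standard JCA classes as an added example; it is not the module's own code. The object name `CryptKeySketch`, the salt, iteration count, key and tag sizes, the 16-byte entropy and the sample secret are all assumptions, since the page does not state them.

```scala
import java.security.SecureRandom
import javax.crypto.{AEADBadTagException, Cipher, SecretKeyFactory}
import javax.crypto.spec.{GCMParameterSpec, PBEKeySpec, SecretKeySpec}

object CryptKeySketch { // hypothetical name, not a class from the module
  // Assumed parameters: the page gives no salt, iteration count, key or tag size.
  val Salt: Array[Byte] = "constructed-salt".getBytes("UTF-8")
  val Iterations = 10000
  val KeyBits = 128
  val TagBits = 128

  // Key := PBKDF2WithHmacSHA1(SecretKey)
  def deriveKey(secretKey: Array[Char]): SecretKeySpec = {
    val spec = new PBEKeySpec(secretKey, Salt, Iterations, KeyBits)
    val raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded
    new SecretKeySpec(raw, "AES")
  }

  // CryptKey := AES-GCM(Key, Iv) with Iv := SignedId.Entropy
  private def gcm(mode: Int, key: SecretKeySpec, entropy: Array[Byte]): Cipher = {
    val c = Cipher.getInstance("AES/GCM/NoPadding")
    c.init(mode, key, new GCMParameterSpec(TagBits, entropy))
    c
  }

  // GCM needs each (key, IV) pair to protect one message only, so storing changed data
  // under the same id repeats the IV; a new SignedId per store avoids that.
  def encrypt(key: SecretKeySpec, entropy: Array[Byte], data: Array[Byte]): Array[Byte] =
    gcm(Cipher.ENCRYPT_MODE, key, entropy).doFinal(data)

  // Throws AEADBadTagException when ciphertext, key or IV do not match.
  def decrypt(key: SecretKeySpec, entropy: Array[Byte], data: Array[Byte]): Array[Byte] =
    gcm(Cipher.DECRYPT_MODE, key, entropy).doFinal(data)

  def main(args: Array[String]): Unit = {
    val key = deriveKey("constructed-secret".toCharArray) // constructed sample secret
    val entropy = new Array[Byte](16) // stands in for SignedId.Entropy (assumed length)
    new SecureRandom().nextBytes(entropy)
    val stored = encrypt(key, entropy, "user=alice".getBytes("UTF-8"))
    assert(new String(decrypt(key, entropy, stored), "UTF-8") == "user=alice")

    // A blob modified in the backend fails the GCM tag check instead of decrypting.
    stored(0) = (stored(0) ^ 1).toByte
    val rejected =
      try { decrypt(key, entropy, stored); false } catch { case _: AEADBadTagException => true }
    assert(rejected)
  }
}
```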
Default instances of Decryptable type classes for Buf and A => Buf
Default instances of Encryptable type classes for Buf and A => Buf
Default implementations of EncryptedSessionStore with memcached and an in-memory store for mocking
The crypto module includes primitives for:
It also includes Type Classes for interfacing with backends that would like to encrypt data at rest.