Skip to content

fix(security): adds a new encryption keypair #430

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
biscoe916 wants to merge 2 commits into from
Closed

fix(security): adds a new encryption keypair #430

biscoe916 wants to merge 2 commits into from

Conversation

@biscoe916
Copy link
Member

@biscoe916 biscoe916 commented Mar 19, 2024

No description provided.

@biscoe916 biscoe916 requested a review from a team as a code owner March 19, 2024 18:30
mkleene
mkleene approved these changes Mar 19, 2024
View reviewed changes
Copy link
Contributor

@mkleene mkleene left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good once you take care of any build stuff, found this in the logs:

Error: auth/token_adding_interceptor_test.go:119:34: cannot use &ts (value of type *FakeTokenSource) as AccessTokenSource value in argument to NewTokenAddingInterceptor: *FakeTokenSource does not implement AccessTokenSource (missing method EncryptionPublicKeyPEM)

sdk/auth/access_token_source.go
// more closely linked to what happens in KAS in terms of crypto params
DecryptWithDPoPKey(data []byte) ([]byte, error)
MakeToken(func(jwk.Key) ([]byte, error)) ([]byte, error)
DPoPPublicKeyPEM() string
Copy link
Contributor

@mkleene mkleene Mar 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can get rid of DPoPPublicKeyPEM, I think

strantalis
strantalis requested changes Mar 20, 2024
View reviewed changes
Copy link
Member

@strantalis strantalis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure the asym keys used for kas rewrap encryption should be on the IDP Access token. Those should get created and stored when we load a tdf. They have nothing to do with the oauth flow imo.

@dmihalcik-virtru dmihalcik-virtru changed the title added a new encryption keypair fix(security): adds a new encryption keypair Mar 20, 2024
@strantalis
Copy link
Member

strantalis commented Mar 26, 2024

#461 resolves this.

@strantalis strantalis closed this Mar 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@strantalis strantalis strantalis requested changes

@mkleene mkleene mkleene approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@biscoe916 @strantalis @mkleene