[SERVER-56529] Protect data using asymmetric crypto Created: 30/Apr/21  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: New Feature Priority: Major - P3
Reporter: Sergey Galtsev (Inactive) Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Server Security
Participants:

 Description   

Attn: salman.baset

There are use cases when product could benefit from asymmetric data encryption, where a public key is used for encrypting data, and it can only be decrypted using private key. Benefit of this encryption type is that encryption key needs no protection. Data encrypted using said key can not be decrypted using same key.

Scenarios:

  • Encrypt audit log. It will be impossible for sysadmin to examine the log to learn what is in it
  • Encrypt patient medical data, such as: blood test. Every lab is given the same key (no need for key managenent). Lab is able to upload blood test results, but it will be unable to read it, not it can read any test results other labs produced.
  • Atlas could create database backup for a customer, which would only be readable by said customer, not by Atlas or anyone else.

Generated at Thu Feb 08 05:39:30 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.