Commit

Update user-data-protection.md
Rajdip019 authored May 13, 2024
1 parent d5b04b1 commit dcd7018
Showing 1 changed file with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions docs/backend/user-data-protection.md
@@ -1,7 +1,7 @@

# User Data Protection

Data protection is one of the main things for a auth server and we have taken that seriously. Here is a breif how the data gets encrypted and stored in the database.
Data protection is one of the main things for a auth server and we have taken that seriously. Here is a brief on how the data gets encrypted and stored in the database.



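Review bot: the rewritten intro sentence still reads "a auth server", which should be "an auth server". "Here is a brief on how" would also read more naturally as "Here is a brief overview of how".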
@@ -11,7 +11,7 @@ The method we are using for encryption is **Envelope Encryption**

### Terminology ( to keep in mind )
- `DEK`: Data Encryption Key
- `KEK` : Key Encryption Key
- `KEK`: Key Encryption Key


## Diagram
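Review bot: the heading `### Terminology ( to keep in mind )` keeps the padded parentheses while the `KEK` bullet below it has its stray space removed; for consistency it could be `### Terminology (to keep in mind)`. The two bullets only expand the acronyms, so a few words on what each key encrypts would help a reader who reaches this list before the steps.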
@@ -21,28 +21,28 @@ The method we are using for encryption is **Envelope Encryption**

## Explaination

Here is a strp by step guide on how it works.
Here is a step-by-step guide on how it works.

### Step 1:
Every user is assigned a new and unique `DEK` when they sign up.

### Step 2:
We encrypt all the user data from `Session Details`, `Password Reset Request` and all with the user `DEK` using the `AESGcm256` algorithm and store it to DB.
We encrypt all the user data from `Session Details`, `Password Reset Request`, and all with the user `DEK` using the `AESGcm256` algorithm and store it in DB.

### Step 3:
The auth server has his own `KEK`. This is unique for the server. You can generate it by running the command below from the root of your project. ( Make sure you have cargo installed ) - [How to install cargo](https://doc.rust-lang.org/cargo/getting-started/installation.html)
The auth server has its own `KEK`. This is unique for the server. You can generate it by running the command below from the root of your project. ( Make sure you have cargo installed ) - [How to install cargo](https://doc.rust-lang.org/cargo/getting-started/installation.html)
```
cargo run --bin create_kek
```

### Step 4:
We use the `KEK` to encrypt the `DEK` using the same `AESGcm256` algorithm and store it to DB.
We use the `KEK` to encrypt the `DEK` using the same `AESGcm256` algorithm and store it in DB.

### Step 5: ( Additional )
For additional safety you can use `GCP KMS`, `AWS KMS` or any other cloud provider for additional safety.
For additional safety, you can use `GCP KMS`, `AWS KMS` or any other cloud provider for additional safety.



## Feedback

If you have any feedback, please raise a issue or start a discussion. Thank you.
If you have any feedback, please raise an issue or start a discussion. Thank you.
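Review bot: Step 3 tells the reader to generate the `KEK` with `cargo run --bin create_kek` but never says where the resulting key should be kept. Since Step 4 stores the encrypted `DEK` in the DB, the doc should state that the `KEK` has to live outside that database, for example in the KMS mentioned in Step 5. Three wording leftovers in this hunk are also worth fixing in the same pass: the heading `## Explaination` should be `## Explanation`, the Step 5 sentence still says "additional safety" twice, and in Step 2 "`Password Reset Request`, and all" does not make clear which data is covered.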
