Crypto In Brief
The fun thing about E3DB is that it’s encrypting JSON blobs and storing / retrieving / sharing them without you having to really worry about the crypto. The downside of this is that it’s not completely obvious what’s going on!
We will be publishing more details about the crypto soon, but we wanted to provide a brief overview here.
What gets encrypted:
E3DB end-to-end encrypts your data, but to support your ability to perform certain types of queries, we currently keep some metadata in the clear. Metadata is important from a security perspective; it can reveal who you are communicating with, and what you are communicating about. In particular, the content type, the field names, and the users who have access to the data are protected with role-based access control, but not with your keys, at least for now.
- Pros: The advantage of this approach is that it supports querying; you can query for the metadata type writer_ids and other elements, making the database significantly more useful.
- Cons: Assuming that you use meaningful names for things (and to a lesser extent, even if you don’t) the structure of the data can be available to an attacker who has achieved privileged access to E3DB. That is, the attacker could tell that something is a “user record” and a “social security number”, but not what that social security number is. We have other layers of security to protect against attackers getting access to this data.
We’d like your feedback on this approach. We may make this optional in the future so that the user can choose what’s encrypted, while accepting a limited ability to query data.
How do keys work:
In short, Tozny uses libSodium for cross-platform strong crypto. When you register with E3DB and create a client, you generate a client configuration, including your client keys. When writing data, other keys are produced on the fly as well. Here is a brief overview of the keys:
- Data Keys: A symmetric key used to encrypt the data itself; one per field.
- Authorization (AuthZ) Keys: A symmetric key used to encrypt the data key. Authorized parties get access to this key.
- Client Key: A public / private key pair that is used to encrypt an authorization (authz) key. E3DB maintains the list of public keys and provides them on request for sharing. Longer-term, we want to provide an out-of-band mechanism to help with sharing or verifying public keys. You can always pin them or trust on first use yourself in your application logic, but we haven’t built much infrastructure to help with that. Coming soon. Also in the future, you will be able to generate these programmatically for your users.
- Form Token: When you create a form in the admin console, you can download a token that can be published publicly in your HTML. When clients write data, a temporary “client” is generated on the fly and all data is encrypted in the browser.
- Console Password: Your password is used to derive a key and is verified using a challenge/response protocol.
- Client Key Backups: That same console password key is used (via some indirection) to encrypt copies of your “client key”, unless you disable this feature. That means that you can download your client keys later after you create them, but Tozny cannot access or download them since we never have access to your password.
- Browser Crypto: E3DB can be used with back-end clients (Ruby, Java, Go, etc), front-end clients (Android, iOS), or in the browser as with InnoVault’s web SDK. Browser-based crypto as a component in an end-to-end secure system has different security properties from standalone clients, largely due to the dynamic nature of browser code delivery and the larger attack surface of web browsers. To mitigate this, we have implemented a robust security framework for our web SDK and we will publish details soon.
Then when you share data, that authz key is encrypted with the other party’s public key. We call the set of encrypted authz keys the “Cryptographic Authorization Block” (CAB).
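The key hierarchy described above (data key per field, authz key wrapping the data keys, client public keys wrapping the authz key into a CAB) can be sketched as follows. This is an added example, not Tozny's or E3DB's code: Node's built-in `crypto` (X25519, ChaCha20-Poly1305) stands in for libsodium, and the record layout and all function names are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// AEAD stand-in for libsodium's secretbox; output is nonce || tag || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}
function open(key, box) {
  const d = crypto.createDecipheriv('chacha20-poly1305', key, box.subarray(0, 12), { authTagLength: 16 });
  d.setAuthTag(box.subarray(12, 28));
  return Buffer.concat([d.update(box.subarray(28)), d.final()]); // throws on wrong key or tampering
}
const der = (k) => k.export({ type: 'spki', format: 'der' });
// Key-encryption key bound to the shared secret and both public keys.
const kek = (shared, ephDer, rcptDer) =>
  crypto.createHash('sha256').update(shared).update(ephDer).update(rcptDer).digest();

// One CAB entry: the authz key encrypted to a client's public key via an ephemeral X25519 key.
function wrapKey(rcptPub, authzKey) {
  const eph = crypto.generateKeyPairSync('x25519');
  const shared = crypto.diffieHellman({ privateKey: eph.privateKey, publicKey: rcptPub });
  const ephPub = der(eph.publicKey);
  return { ephPub, wrapped: seal(kek(shared, ephPub, der(rcptPub)), authzKey) };
}
function unwrapKey(rcptPriv, entry) {
  const ephKey = crypto.createPublicKey({ key: entry.ephPub, format: 'der', type: 'spki' });
  const shared = crypto.diffieHellman({ privateKey: rcptPriv, publicKey: ephKey });
  return open(kek(shared, entry.ephPub, der(crypto.createPublicKey(rcptPriv))), entry.wrapped);
}
// One fresh data key per field; field names stay in the clear, values do not.
function writeRecord(fields, authzKey) {
  const rec = {};
  for (const [name, value] of Object.entries(fields)) {
    const dataKey = crypto.randomBytes(32);
    rec[name] = { edk: seal(authzKey, dataKey), ct: seal(dataKey, Buffer.from(value, 'utf8')) };
  }
  return rec;
}
const readField = (rec, name, authzKey) => open(open(authzKey, rec[name].edk), rec[name].ct).toString('utf8');

function demo() { // constructed sample data
  const [writer, reader, outsider] = [0, 1, 2].map(() => crypto.generateKeyPairSync('x25519'));
  const authzKey = crypto.randomBytes(32);
  const rec = writeRecord({ ssn: '000-00-0000', email: 'user@example.com' }, authzKey);
  const cab = { writer: wrapKey(writer.publicKey, authzKey), reader: wrapKey(reader.publicKey, authzKey) };
  let outsiderRejected = false;
  try { unwrapKey(outsider.privateKey, cab.reader); } catch (e) { outsiderRejected = true; }
  const ssn = readField(rec, 'ssn', unwrapKey(reader.privateKey, cab.reader));
  return { ssn, outsiderRejected, clearFieldNames: Object.keys(rec) };
}
console.log(demo());
```

Sharing with another client only adds one more wrapped authz key to the CAB; the field ciphertexts are not re-encrypted.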
Here is a brief video explainer on the crypto (Note: since creating this video, the ciphers have been changed to use libSodium instead of AES and RSA).
And here’s the flow in picture form:
We’re eager to provide more details. Let us know what kind of information is most helpful to you in making security decisions and understanding the security properties of your system.