1.0.3 • Published 5 years ago
web-hipaapotamus v1.0.3
HIPAApotamos Baselayer
This module is the encryption layer for HIPAApotamos-based projects.
Concept (Based on Firebase proposal document)
This module does NOT interact with Firebase directly, it just encrypts and decrypts the data sent and recieved from Firebase.
This module will encrypt and decrypt table names and data with a public/private Ed25519 keypair. All table names and data will be encrypted.
Flow
There are 3 security protocols involved:
- The AES-256 key, generated by the u2f device and used to encrypt the data sent to firebase
- The one-time ed25519 key, used to encrypt the AES public key when sending to the client
- The SHA3-512 key used to sign the data transfers, and is distributed with the webapp.
(From HIPAA Firebase Protocol Proposal Document)
- Key Request Flow
- Generate ed25519 pub/priv keypair
- Post public key to
key_requeststable - Subscribe to
key_requeststable updates - (Keyserver does things, places encrypted AES key in the firebase table)
- Read from table, decrypt using private Ed25519 key
- Destroy Ed25519 key
- DB Access Flow
- Sign Request (send
{text}.{key}), SHA3-512 key - Decrypt Response
- Sign Request (send