Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for Cloud KMS-backed session keys #5

Open
gnarea opened this issue May 3, 2022 · 0 comments
Open

Add support for Cloud KMS-backed session keys #5

gnarea opened this issue May 3, 2022 · 0 comments
Labels
adapter-gcp Google Cloud Platform (GCP) enhancement New feature or request

Comments

@gnarea
Copy link
Member

gnarea commented May 3, 2022
edited
Loading

Describe the problem

GCP KMS/HSM doesn't support any (EC)DH algorithm, so as a workaround we're having to use envelope encryption with a Cloud KMS-backed symmetric key and the wrapped key stored in Datastore.

This means that the app has direct access to the ECDH private key and resulting shared key.

Describe the solution you'd like

The option to have ECDH session keys stored in Cloud KMS/HSM.

See also
@gnarea gnarea added enhancement New feature or request adapter-gcp Google Cloud Platform (GCP) labels May 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
adapter-gcp Google Cloud Platform (GCP) enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gnarea