

Problem Statement

  1. The datastore credentials, WiFi passwords, etc. are currently received from the controller in plain-text format, as part of the configuration blob, and they are exchanged between agents in EVE through the pubsub channel. The sensitive information should be stored inside the configuration blob in encrypted form, and a set of APIs will be provided to the agents to decrypt it for use.
  2. The sensitive information exchanged between the controller and the EVE node should be encrypted end-to-end, including in man-in-the-middle proxy deployments.
  3. The encryption methodology used to achieve this should also work with third-party CA verification.


Solution

A symmetric key, generated by the controller module, will be used for both encryption and decryption. The configuration blob will also contain a symmetric key attribute. The symmetric key will be used to encrypt the sensitive information inside the configuration payload. The controller will use the device certificate to encrypt the symmetric key inside the configuration payload. When invoking the decryption API for the sensitive information, the agents will also pass the encrypted symmetric key. The symmetric key will be decrypted by the on-chip TPM module, using the device private key. The decrypted symmetric key will, in turn, be used to decrypt the sensitive information.




