

Problem Statement

  1. Sensitive information, such as datastore credentials and WiFi passwords, is in clear-text format inside the configuration blob received from the controller module. This sensitive information is exchanged between agents in EVE as is, through the pubsub channel.
  2. The sensitive information should be in ciphertext format inside the configuration blob for the EVE node. A set of APIs will be provided to the EVE agents to decrypt it.
  3. The sensitive information exchanged between the controller and the EVE node should be encrypted end-to-end, including in man-in-the-middle proxy deployments.
  4. The encryption methodology used to achieve this should also work with third-party CA verification.


Solution

A symmetric key, generated by the controller module, will be used for both encryption and decryption. The configuration blob will contain a symmetric key attribute to store this key. The symmetric key will be used to encrypt the sensitive information inside the configuration payload. The controller will use the device certificate to encrypt the symmetric key before placing it in the configuration blob. When invoking the decryption APIs, the EVE agents will also pass the encrypted symmetric key. The symmetric key will be decrypted using the device private key stored inside the TPM. The decrypted symmetric key will, in turn, be used to decrypt the sensitive information.
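
The flow described above as a Go example, added here for illustration and not taken from the EVE code base. It assumes RSA-OAEP for encrypting the symmetric key and AES-256-GCM for the sensitive field, neither of which this page specifies; `ConfigBlob`, `Seal`, `Open` and `NewDeviceKey` are hypothetical names, and an in-memory key stands in for the TPM-held private key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

type ConfigBlob struct{ WrappedKey, Nonce, CipherText []byte } // hypothetical field names
// NewDeviceKey is a software stand-in for the TPM-held device key (assumption).
func NewDeviceKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
// Seal is the controller side: new symmetric key, encrypt the secret, wrap the key.
func Seal(devPub *rsa.PublicKey, secret []byte) (*ConfigBlob, error) {
	buf := make([]byte, 32+12) // AES-256 key followed by the GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	gcm, err := newGCM(buf[:32])
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, devPub, buf[:32], nil)
	if err != nil {
		return nil, err
	}
	return &ConfigBlob{wrapped, buf[32:], gcm.Seal(nil, buf[32:], secret, nil)}, nil
}

// Open is the device side: unwrap the key with the private key, then decrypt the field.
func Open(devPriv *rsa.PrivateKey, b *ConfigBlob) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, devPriv, b.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, b.Nonce, b.CipherText, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
```

Because GCM authenticates the ciphertext, `Open` returns an error when the encrypted field was modified in transit, and the OAEP step fails when the blob was sealed for a different device.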

