Problem Statement
- The sentitive information, like datastore credentials, WiFi Passwords etc., are in clear-text format inside the configuration blob, received from EVE Controller. The sensitive information is exchanged between agents in the EVE node, as is through pubsub channel.
- The sensitive information should be in cypher text format inside the configuration blob for EVE node. A set of APIs will be provided to the EVE agents to decrypt them.
- The sensitive information exchange between the EVE Controller and EVE Node should be encrypted end-to-end, in man-in-the middle proxy deployments also.
- There encryption methodology for this, should also work with third-party CA verification
Solution
A symmetric key will be generated by the EVE controller module. This symmetric key will be used for both encryption and decryption. The configuration blob will contain a symmetric key attribute field, to store this symmetric key.
While preparing the configuration blob, the EVE Controller will use this symmetric key, to encrypt the sensitive information. In turn, EVE controller will use, the EVE Node device certificate, to encrypt the symmetric key.
On EVE node, the agents will also pass the encrypted symmetric key along with the encrypted sensitive information, while calling decryption method API. The symmetric key will be decrypted first, using the device private key stored inside TPM module. In turn, the clear text symmetric key will be used to decrypt the sensitive information.