Encryption Key Server and Client Updates May 31, 2021

Starting v18.0, Gyroscope uses an improved version of the remote key server. An Gyroscope app authenticates with the key server and fetches a remote encryption key to store encrypted data. The storage is more secure by not having the encrypted content and the key at the same location.

Previously, each time a record is encrypted, the key server generates a new encryption key, effectively completing a key rotation. Any stale copy of encrypted data is forever lost. This design could be problematic when historical data needs to be examined within a reasonable timeframe.

The new key server keeps copies of encryption keys for a given record namespace. Upon each encryption, a version number is incremented. This version number also travels with the encryption key, the stored encrypted encryption key, as well as the encrypted content.

Versioning is done transparently on the key server - no database changes are needed on the application.

Retention Settings

A time limit can be set for each key server account. An account is defined in the lb.php as $encclientid. This limit, or a "retention" is measured in seconds. By default, archived keys can stay for 72 hours. This value can be set to higher if a longer period of data must be studied. Conversely, a value of 0 can completely switch off archiving. The Retention value can also be temporarily set to a higher value during data migration.

Migration

The new encdec.php works with both legacy and new key servers. For a non-interrupted migration from an older version of Gyroscope, change this file first before switching the server. The community key space for "pubtest" is already on the new server.