README

This article describes the functioning of tao encryption, focusing of encryption of sensitive data information on a database level.

Installation

You can add the Tao Encryption as a standard TAO extension to your current TAO instance.

 $ composer require oat-sa/extension-tao-encryption

Encrypted services supported

1. Results Encryption

• Setup scripts for Tao Server instance

Encrypt

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupAsymmetricKeys' generate

Note:

This command will generate two keys (public and private) and save them on the filesystem.

Note:

On Client Tao instance. You have to copy the public key.

Note:

On Server Tao instance. You need both keys

Decrypt

In order to decrypt your results use the following script by passing a delivery id.

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\DecryptResults' -d <delivery_id>

Or by passing the -all argument

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\DecryptResults' -all

Note:

This command will decrypt results and store in the delivery result storage setup.

• Setup scripts for Tao Client instance

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupEncryptedResultStorage'

• Sync Encrypted Result (Run on Server and client)

In order to sync encrypted results the script needs to be run on the server tao instance and client as well.

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupEncryptedSyncResult'

2. Test State data encryption

• Setup scripts for Tao Client instance

In order to use the encrypted state test service you have to run the following command on tao client instance:

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupEncryptedStateStorage'

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupEncryptedMonitoringService'

This service it's using the symmetric algorithm in order to encrypt information.

3. User Encryption

• Setup scripts for Tao Client instance

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupEncryptedUser'

• Setup scripts for Tao Server instance

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupUserEventSubscription'

• Both Instances

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupUserSynchronizer'

Note:

You should ran this command on client tao instance

4. Setup Encrypted File Systems

• Setup scripts for Tao Client instance

 $ sudo -u www-data php index.php "oat\taoEncryption\scripts\tools\SetupEncryptedFileSystem" -f private -e taoEncryption/symmetricEncryptionService -k taoEncryption/symmetricFileKeyProvider

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupDeliveryEncrypted'

• Setup scripts for Tao Server instance

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupUserApplicationKey'

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupRdfDeliveryEncrypted'

Note:

Extra You can make TAO file systems encrypted. The following command line enables encryption for the private file system, using the service registered with ID taoEncryption/symmetricEncryptionService for data encryption/decryption.

sudo -u www-data php index.php "oat\taoEncryption\scripts\tools\SetupEncryptedFileSystem" -f private -e taoEncryption/symmetricEncryptionService