Encryption

Owned by M
Last updated: Feb 15, 2022 by Rasmus Bohl Kristensen
1 min read


To prevent anybody from eavesdropping on the bit repository data and messages exchanged, all communication is encrypted. 

Messagebus communication

All protocol messages are exchanged via the messagebus (coordinating layer). To prevent anyone not part of the repository from eavesdropping, the communication is encrypted preferably using mutual TLS (mTLS). 

The use of mTLS ensures that a component (pillar or client) will only communicate with a trusted messagebus and the messagebus will refuse connections to unknown components. 

Instructions for setting up ActiveMQ to use ssl certificates can be found here: http://activemq.apache.org/how-do-i-use-ssl.html. Additionally it should be ensured that only encrypted connections are available and that the ssl connector have the parameters "?wantClientAuth=true&needClientAuth=true" in its uri, this forces the use of mTLS. 

FileExchange

To exchange data a concept of FileExchange exists. Which protocols are supported is not set in stone, but caution should be taken to ensure that traffic is encrypted. 

The reference FileExchange is a WebDAV over a https (mTLS) connection. 

Distribution of certificates

To distribute certificates RepositorySettings is used as the single source of trust in the repository. That also encompasses the infrastructure components such as ActiveMQ and FileExchange. 

When setting up an ActiveMQ or FileExchange (e.g. WebDAV), certificates to trust should be taken from the RepositorySettings permissions section. 

Certificates used with encrypted messagebus and/or FileExchange should follow:

  • The ActiveMQ messagebus should trust certificates with the <InfrastructurePermission>MessageBusClient</InfrastructurePermission>
  • The FileExchange should only trust client certificates with the <InfrastructurePermission>FileExchangeClient</InfrastructurePermission> 
  • Clients and pillars should only trust ActiveMQ instances using certificates with the <InfrastructurePermission>MessageBusServer</InfrastructurePermission>
  • Clients and pillars should only trust FileExchange instances using certificates with the <InfrastructurePermission>FileExchangeServer</InfrastructurePermission>