Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support returned secrets in encrypted form #12

Open
peacekeeper opened this issue Nov 13, 2021 · 1 comment
Open

Support returned secrets in encrypted form #12

peacekeeper opened this issue Nov 13, 2021 · 1 comment
Labels
internal-secret-mode

Comments

@peacekeeper
Copy link
Member

In certain cases, the DID Registrar returns private keys and other secrets to a client (see didState.secret).

Should we support that in an encrypted form?

See #6 (review)
@alenhorvat
Copy link

What about the following statement:

For backwards compatibility, DID Registrar supports a "secret mode", where the private keys are created by the DID Registrar driver and are returned to the user. For security reasons, this approach is NOT RECOMMENDED. If the secret client mode is used, the private key MUST be encrypted.

The HTTP response header MUST contain
Cache-Control=no-store
Pragma=no-cache

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
internal-secret-mode
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@peacekeeper @alenhorvat