Installation

You can add the Tao Encryption as a standard TAO extension to your current TAO instance.

 $ composer require oat-sa/extension-tao-encryption

Encrypted services supported

1. Results Encryption

  • Setup scripts for Tao Server instance

Encrypt
 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupAsymmetricKeys' generate

Note:

This command will generate two keys (public and private) and save them on the filesystem.

Note:

On Client Tao instance. You have to copy the public key.

Note:

On Server Tao instance. You need both keys

Decrypt

In order to decrypt your results use the following script by passing a delivery id.

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\DecryptResults' -d <delivery_id>

Or by passing the -all argument

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\DecryptResults' -all

Note:

This command will decrypt results and store in the delivery result storage setup.

  • Setup scripts for Tao Client instance

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupEncryptedResultStorage'
  • Sync Encrypted Result (Run on Server and client)

    In order to sync encrypted results the script needs to be run on the server tao instance and client as well.

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupEncryptedSyncResult'

alt text

2. Test State data encryption

  • Setup scripts for Tao Client instance

In order to use the encrypted state test service you have to run the following command on tao client instance:

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupEncryptedStateStorage'
 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupEncryptedMonitoringService'

This service it's using the symmetric algorithm in order to encrypt information.

alt text

3. User Encryption

  • Setup scripts for Tao Client instance

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupEncryptedUser'
  • Setup scripts for Tao Server instance

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupUserEventSubscription'
  • Both Instances

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupUserSynchronizer'

Note:

You should ran this command on client tao instance

alt text

4. Setup Encrypted File Systems

  • Setup scripts for Tao Client instance

 $ sudo -u www-data php index.php "oat\taoEncryption\scripts\tools\SetupEncryptedFileSystem" -f private -e taoEncryption/symmetricEncryptionService -k taoEncryption/symmetricFileKeyProvider
 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupDeliveryEncrypted'
  • Setup scripts for Tao Server instance

 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupUserApplicationKey'
 $ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupRdfDeliveryEncrypted'

Note:

Extra You can make TAO file systems encrypted. The following command line enables encryption for the private file system, using the service registered with ID taoEncryption/symmetricEncryptionService for data encryption/decryption.

sudo -u www-data php index.php "oat\taoEncryption\scripts\tools\SetupEncryptedFileSystem" -f private -e taoEncryption/symmetricEncryptionService

alt text