Privacy
The ledger recovery DistributionList
is encrypted using AES keys stored in the node’s database.
Upon startup, a node creates ten random AES keys and stores them in the node_aes_encryption_keys
table, if there are no keys already present.
The keys themselves are obfuscated, by wrapping them with a deterministic AES key derived from the key’s ID and the node’s X.500 name.
senderRecordedTimestamp
is in a separate header object, and is treated as the authenticated additional
data in the AES-GCM encryption. This allows it to be public, which is necessary to allow the receiver node to read it
without having access to the encryption key. It also gives a guarantee to the original sender during recovery that it has not been tampered with.
Was this page helpful?
Thanks for your feedback!
Chat with us
Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.
Propose documentation improvements directly
Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.
We're sorry this page wasn't helpful. Let us know how we can make it better!
Chat with us
Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.
Create an issue
Create a new GitHub issue in this repository - submit technical feedback, draw attention to a potential documentation bug, or share ideas for improvement and general feedback.
Propose documentation improvements directly
Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.