Encryption Service
Component Detail
Service Layer
high complexity
Shared Component
mobilebackend
1
Dependencies
0
Dependents
2
Entities
0
Integrations
Description
Provides AES-256-GCM symmetric encryption for sensitive fields at rest. Wraps key derivation logic with per-user keys stored in secure storage, and supports asymmetric encryption (RSA-OAEP / X25519) for end-to-end encrypted assignment dispatch.
encryption-service
Responsibilities
- Encrypt and decrypt sensitive data fields using AES-256-GCM
- Derive and manage per-user symmetric keys stored in secure storage
- Provide asymmetric key pair generation and management for E2E encryption
- Expose a unified encryption API consumed by assignment dispatch and credential storage
Interfaces
encryptField(plaintext: String, userId: String): Future<String>
decryptField(ciphertext: String, userId: String): Future<String>
generateKeyPair(): Future<KeyPair>
encryptAsymmetric(plaintext: String, publicKey: String): Future<String>
decryptAsymmetric(ciphertext: String, privateKey: String): Future<String>
deriveKey(userId: String, salt: String): Future<SecretKey>
rotateKey(userId: String): Future<void>
hashSensitiveValue(value: String): Future<String>
Relationships
Dependencies (1)
Components this component depends on
Related Data Entities (2)
Data entities managed by this component