Message encryption #130
Comments
Yes. This is on the roadmap; I am working on writing a specification for the message format, which is based on HTTP messages, where headers aren't encoded but can define encryption, serialization format, etc.
Sounds like a great feature
@sagikazarmark You can encrypt messages by doing something like this:

Producer:

```php
public function collect(Foo $foo)
{
    $message = new DefaultMessage($this->queueName);
    $message->data = serialize($foo);
    $message->encrypted = false;

    // Encrypt the serialized payload only when an encrypter is configured.
    if ($this->encrypter !== null) {
        $message->encrypted = true;
        $message->data = $this->encrypter->encrypt($message->data);
    }

    $this->bernard->produce($message, $this->queueName);
}
```

Consumer:

```php
public function __invoke(DefaultMessage $message)
{
    $data = $message->data;

    // The producer sets this flag when it encrypted the payload.
    if ($message->encrypted) {
        if ($this->encrypter === null) {
            throw new \RuntimeException('Can not decrypt message. Encrypter is not configured.');
        }
        $data = $this->encrypter->decrypt($data);
    }

    /** @var Foo $foo */
    $foo = unserialize($data);
    // Do something with $foo
}
```

As an encrypter you could use https://github.com/nelmio/NelmioSecurityBundle/blob/master/Encrypter.php

We use this approach to collect some sensitive data in a front-end application for post-processing in a backend application. Just need to make sure the secret is the same for both apps.
Yeah, it could definitely work. But it seems a bit hacky. What I am thinking about is to have a custom serializer which encrypts the serialized message itself. The benefit is that you can encrypt any kind of message with it.
It sounded like you need a solution ASAP, hence I provided a hint. A custom normalizer is cleaner, of course, but I guess you need to wrap your message with an EncryptedMessage class for the normalizer to pick it up.
@lakiboy thank you very much, but it is not so urgent. Actually, you can create a normalizer which wraps around the "usual" normalizer so that you can encrypt any messages.
Why not just extend the
I think message encryption should be universal. Every message is normalized into a string at some point. So why not an encryption layer after that point? It is simple, universal.
@sagikazarmark That's the best/optimal solution; my solution was more the easy way. If you want to set up on this point, I would think the best position is to extend the
Unfortunately I have not had much time for my OSS projects because of an alarmingly close deadline at work. As @Baachi mentions, I think extending the Serializer is a good idea. Could even be done through composition.
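The composition approach discussed in this thread, as an added example that is not part of the original comments and is not Bernard's code: a decorator that encrypts the string produced by a wrapped serializer. The `StringSerializer` interface and the class names are hypothetical, and libsodium's secretbox (authenticated encryption, PHP 7.2+) is a choice made for this example.

```php
<?php
// Added example, not Bernard's code; StringSerializer is a hypothetical interface.
interface StringSerializer
{
    public function serialize($message): string;
    public function unserialize(string $contents);
}
// Decorator: encrypts whatever string the wrapped serializer produces.
final class EncryptingSerializer implements StringSerializer
{
    private $inner;
    private $key;
    public function __construct(StringSerializer $inner, string $key)
    {
        $this->inner = $inner;
        $this->key = $key; // 32 bytes; libsodium throws on any other length
    }
    public function serialize($message): string
    {
        // Fresh random nonce per message, carried in front of the ciphertext.
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box = sodium_crypto_secretbox($this->inner->serialize($message), $nonce, $this->key);
        return base64_encode($nonce . $box);
    }

    public function unserialize(string $contents)
    {
        $raw = base64_decode($contents, true);
        if ($raw === false || strlen($raw) < SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
            throw new RuntimeException('Malformed encrypted message.');
        }
        $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $plain = sodium_crypto_secretbox_open($box, $nonce, $this->key);
        if ($plain === false) {
            // Wrong key or modified payload: stop before the inner unserialize runs.
            throw new RuntimeException('Message failed authentication.');
        }
        return $this->inner->unserialize($plain);
    }
}

// Constructed demo: a JSON inner serializer and a throwaway key.
$json = new class implements StringSerializer {
    public function serialize($message): string { return json_encode($message); }
    public function unserialize(string $contents) { return json_decode($contents, true); }
};
$s = new EncryptingSerializer($json, sodium_crypto_secretbox_keygen());
var_dump($s->unserialize($s->serialize(['card' => 'constructed-sample'])));
```

Because the authentication tag is checked before the inner serializer runs, a payload modified while sitting in the queue is rejected instead of being handed to the wrapped `unserialize()`.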
Probably yes. But as I know @henrikbjorn plans some sort of message format RFC and I think encryption could be an extension of that.
So basically we have two proposals:
@sagikazarmark did you have any progress on this? What option worked out best? Note that when the SQSDriver is used, Amazon AWS SQS now supports server-side encryption, which might be an alternative...
I once had the idea of doing something like having a message consist of headers and a body, where the headers would indicate encryption, type of body, etc. Kind of like an HTTP message, and I guess that is kind of what Rabbit does also.
In some cases it exposes a security issue if the messages in a queue are not encrypted, thus can be read by a human.
Is it possible to implement encryption? Not meaning having it in the core, but having the possibility to implement it. Any ideas?