What security is given by the "Security and Encryption" plugin? (where are the keys?)

  • 1
  • Question
  • Updated 2 years ago
I understand that the "Secure" macro is supposed to encrypt sensitive content using PGP, however, it is not clear what security is being offered at all.

I would like to know where and how the private keys are being stored and who has potential access to those keys?

Are the keys stored on the confluence servers along with the encrypted content? Do admins have access to the keys of all users? In that case it is not really clear that the plugin offers much more security than simply restricting the permissions of the page including the sensitive content.

Even so, the plugin may provide a lot of convenience as we can chose to restrict only certain parts of a page, and the audit function seems nice as well. However, it would be very nice with a little more detailed description of how the content is actually secured.
Photo of manname


  • 1 Post
  • 0 Reply Likes
  • frustrated

Posted 3 years ago

  • 1
Photo of Claudio Kirchhoff

Claudio Kirchhoff

  • 1 Post
  • 0 Reply Likes
I am currently evaluating version 2.12.2 of the add-on and like manname I would like to know more about the specifics of the encryption and decryption process. More specifically I would like to ask for answers to the following questions:

1. Does the macro encrypt content symmetrically or asymmetrically? And either way: which algorithm is used?
2. Assuming that asymmetrical encryption is used: Is there one global private/public key pair or is there one pair per user?
3. Assuming that there is one pair per user: how is the private key of a user encrypted? Is the user's confluence password used? If so: is it the plaintext password or the password hash?
4. Assuming that the plaintext password is used: When is it encrypted?
5. Assuming that the password hash is used as a password: If an attacker were to gain access to the database, I believe that he could not only access the the encrypted private PGP key, but also so confluence user password hash used to encrypt it. Is there any mechanism preventing such an attacker from using the hashes to decrypt the private PGP key?

Thank you in advance for taking the time to answer!