secure_packager
Effortlessly encrypt and distribute data securely with minimal management.
Pitch

Secure Packager offers a streamlined solution for shipping valuable data and models while enforcing strict access control. By utilizing a combination of Fernet encryption and RSA keys, it ensures that only intended recipients can decrypt the information. This package simplifies the process with a convenient CLI or Docker interface, making secure distribution easy for teams.

Description

secure_packager

Overview

secure_packager is a suite of utility programs designed to securely distribute valuable data and models to clients without the complexities of key management and custom setup on every machine. Issues such as plaintext key exposure and inefficient digital rights management (DRM) solutions are addressed in a pragmatic way, striking a balance between security and usability.

Why Choose secure_packager?

Organizations often face challenges in sharing sensitive files confidently. Typical methods like plain ZIP files lead to key leakage, while traditional DRM systems can be cumbersome. secure_packager provides a streamlined solution:

  • Problem: Files must be distributed in a way that ensures only the intended recipients can access them.
  • Solution: The project employs robust encryption by using a symmetric key (Fernet) and securing that key with the recipient's RSA public key, ensuring that only the private key holder can decrypt the content.

Key Features

  • Confidentiality by Default: No plaintext Fernet keys are transmitted, enhancing security.
  • Flexible Modes: Supports operation with or without licensing enforcement, detected automatically from the provided package.
  • User-Friendly Interface: Whether using the command line interface (CLI) or operating within a Docker container, ease of use is a priority.
  • Portability: Multi-architecture container images facilitate deployment across diverse environments (linux/amd64, linux/arm64).

Functional Capabilities

  • Packager: Encrypts files with Fernet and wraps the Fernet key with the recipient’s RSA public key.
  • Unpack: Uses the customer's RSA private key to unwrap the Fernet key and decrypt the files.
  • Issue-token: Generates vendor-signed license tokens for additional messaging and basic enforcement, such as expiration warnings and access controls.
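
The key-wrapping step behind Packager and Unpack, as an added Go example that is not secure_packager's own code. It assumes RSA-OAEP with SHA-256 and 2048-bit keys (the page does not name the padding or key size), and the function names are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// newFernetKey returns 32 random bytes, URL-safe base64 encoded (the Fernet key format).
func newFernetKey() ([]byte, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return nil, err
	}
	return []byte(base64.URLEncoding.EncodeToString(raw)), nil
}

// wrapKey encrypts the Fernet key to the recipient (assumed padding: RSA-OAEP, SHA-256).
func wrapKey(pub *rsa.PublicKey, fernetKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fernetKey, nil)
}

// unwrapKey recovers the Fernet key and rejects anything that is not a valid one.
func unwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap failed (wrong key or altered blob): %w", err)
	}
	if raw, err := base64.URLEncoding.DecodeString(string(key)); err != nil || len(raw) != 32 {
		return nil, errors.New("unwrapped value is not a 32-byte Fernet key")
	}
	return key, nil
}

// demo wraps one key for a constructed recipient, then tries both private keys.
func demo() (wrappedLen int, roundTrip, wrongKeyRejected bool) {
	customer, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed demo key pairs
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	key, _ := newFernetKey()
	wrapped, _ := wrapKey(&customer.PublicKey, key)
	got, _ := unwrapKey(customer, wrapped)
	_, err := unwrapKey(other, wrapped)
	return len(wrapped), string(got) == string(key), err != nil
}

func main() { fmt.Println(demo()) } // 256 true true
```

The wrapped blob is always the size of the RSA modulus (256 bytes here), so only this small blob, never the plaintext Fernet key, travels with the encrypted files.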

Example Commands

Packaging without Licensing:

docker run --rm -v "$(pwd)/input:/in" -v "$(pwd)/out:/out" \
  yourorg/secure-packager:latest packager -in /in -out /out -pub /out/customer_public.pem -zip=true

Unpacking with Licensing:

docker run --rm -v "$(pwd)/out:/out" -v "$(pwd)/dec:/dec" -v "$(pwd)/keys:/keys" \
  yourorg/secure-packager:latest unpack -zip /out/encrypted_files.zip -priv /keys/customer_private.pem -out /dec -license-token /keys/token.txt

Package Modes

  • Without Licensing: Simple packaging that includes only the wrapped encrypted files.
  • With Licensing: Adds a manifest file for licensing requirements, ensuring that access is enforced automatically during unpacking.

Quick Demo Available

For a comprehensive introduction, a quick demo script is provided, showcasing the entire workflow from key generation to encryption and decryption processes, including handling licensing and token issuance.

Conclusion

secure_packager empowers teams to manage sensitive data securely, ensuring that only authorized users can access protected information. It bridges the gap between straightforward data sharing and the need for robust security measures, making it an essential tool for modern organizations.
