Data encryption in web application - padding method?

Evelyn · August 25, 2017, 9:40am

Hello,
please, does somebody know which method camunda uses in case of data encryption?
ISO-Padding, CMS-Padding, ESP-Padding or Ciphertext stealing?

ISO-Padding [ISO/IEC 7816-4]
CMS-Padding [IETF-RFC 5652]
ISO-Padding [IETF-RFC 4303]
CBC-CS1, CBC-CS2, CBC-CS3 Ciphertext stealing [NIST-SP 800-38 A - Addendum]

Thank you in advance!
Evelyn

Webcyberrob · August 27, 2017, 1:17am

Hi Evelyn,

Could you clarify a little, by encryption do you mean encryption of process variables? If thats the case there is no built in encryption that I am aware of. I have implemented my own encryption in the past…

regards

Rob

Evelyn · August 28, 2017, 1:15pm

Hi Rob,

it’s more about whether the data which can be entered/uploaded
through the Camunda GUI are stored encrypted on a hard disk (or whatever).
If so, is there a standard encryption method and a padding procedure
(see in my first question) which is provided by Camunda?

Thank you in advance!
Evelyn

thorben · August 28, 2017, 2:01pm

Hi Evelyn,

Camunda does not write directly to the filesystem but uses a relational database for persistence. You should check the documentation of the database you use for an answer to your question.

Cheers,
Thorben

system · January 30, 2024, 10:57am