Cryptography in Acra #
Cryptography is widely used across all Acra services for:
- data protection: during encryption, searchable encryption, masking and tokenization;
- transport protection and authentication: during mutual authentication and encryption used in Themis Secure Session (deprecated since 0.91.0) and TLS;
- audit logging: when calculating integrity checks of log messages and log chains;
- password hashing of registered users of Acra Web Configuration UI (deprecated and removed since 0.91.0);
- key management: all intermediate keys are encrypted by key encryption keys and Acra Master Key.
Acra does not contain any self-made cryptographic primitives or obscure ciphers and relies on:
- Themis cryptographic library which uses OpenSSL/BoringSSL/LibreSSL under the hood;
- Golang’s TLS implementation;
- Golang’s Argon2 hash function implementation.
To deliver its unique guarantees, Acra relies on the combination of well-known ciphers, and a smart key management scheme.
|Use case||Crypto source|
|Default crypto-primitive source||OpenSSL|
|Custom crypto-primitive sources||BoringSSL, LibreSSL, FIPS-compliant, GOST-compliant, HSM|
|Storage encryption||AES-256-GCM-PKCS#7 + ECDH (AcraStructs) or AES-256-GCM-PKCS#7 (AcraBlocks)|
|Transport encryption||TLS v1.2+ / Themis Secure Session (deprecated since 0.91.0)|
Only Acra Enterprise Edition supports custom crypto-primitives sources.
Themis is a high-level open source cryptographic library that encapsulates multiple ciphers into cryptosystems aimed at exact data protection goals.
Themis uses the best available open-source implementations of the most reliable ciphers. Currently, Themis can be built using OpenSSL, LibreSSL, and Google’s BoringSSL (a number of experimental build methods for LibSodium, BearSSL, and even CommonCrypto are available, too).
Acra uses GoThemis (Go-language wrapper for Themis) in AcraServer, AcraTranslator and key management utility. AcraWriters per each platform rely on Themis wrappers built for that platform (for example, AcraWriter for iOS uses ObjCThemis for iOS).
Application level encryption #
The data is encrypted using AES-256-GCM-PKCS#7 and random symmetric key, which is then encrypted by a shared key derived from Acra’s public key and encryptor private key (either Acra or client-side application) using ECDH. This scheme is similar to the HPKE.
The data is encrypted using AES-256-GCM-PKCS#7 and random symmetric key, which is then encrypted using AES-256-GCM-PKCS#7 by Acra’s secret storage key. This scheme is similar to the key wrapping.
Acra also uses key derivation and key stretching functions to derive cryptographically strong keys.
Searchable encryption #
Searchable encryption is based on data encryption and generation of search index. Searchable encryption is supported in both AcraStructs and AcraBlocks. A searchable index is generated using HMAC-SHA256.
Key management #
Acra uses a lot of encryption keys (symmetric and asymmetric). Refer to Key management section to learn more about keys and their lifecycle.
Intermediate and secret keys (KEKs) are stored encrypted by Acra Master Key using AES-256-GCM-PKCS#7.
Acra handles TLS connections between:
- Client application and AcraServer. TLS is used to protect a plaintext from application to AcraServer in Transparent encryption mode, and to protect decrypted plaintext by AcraServer before sending to the application back.
- Client application and AcraTranslator. TLS is used as transport encryption in HTTP and gRPC protocols supported by AcraTranslator.
- AcraServer and database. TLS is used to protect other data transmitted through AcraServer to database and to be transparent for strictly configured environment with fully protected communication between applications and databases, with mutual TLS authentication.
- AcraConnector (deprecated since 0.91.0) and AcraServer. Used as one of supported transport encryption between AcraConnector and AcraServer for same reasons as for communication between application and AcraServer. AcraConnector may be used with applications that cannot be extended with TLS protection.
- Hashicorp Vault and AcraServer/AcraTranslator/AcraConnector (deprecated since 0.91.0). All Acra’s services use encrypted private keys encrypted with symmetric key
ACRA_MASTER_KEYthat may be safely loaded from Hashicorp Vault.
To increase security, we extended TLS processing with additional OCSP and CRL validation. It is possible to configure validator to check either OCSP server specified while Acra startup or specified in TLS certificate. A couple of additional settings are presented that allow ignoring or enforcing of particular validations.
Additionally, Acra’s services accept only TLS 1.2+ connections and cipher suites with perfect forward secrecy.
Password hashing #
AcraWebConfig tool is deprecated and removed since 0.91.0. After 0.91.0, Acra components don’t store any accounts, thus, don’t use password hashing.
Cryptographically signed audit logs #
AcraServer, AcraConnector (deprecated since 0.91.0) and AcraTranslator use symmetric keys and HMAC-SHA256 for generating audit logs and signing log messages.