Setting Up Node-to-Node Data Encryption

This guide provides a detailed walkthrough on enabling and configuring advanced encryption for node-to-node communications between Gluesync nodes. This feature uses the Diffie-Hellman key exchange protocol and AES-256 encryption to protect your sensitive data and ensure secure communication between distributed systems.

Overview

Node-to-node encryption is a vital component in maintaining the confidentiality and integrity of data transmitted between distributed systems. The Diffie-Hellman key exchange protocol, a widely recognized standard for securely exchanging cryptographic keys over a public channel, is utilized by Gluesync to establish a secure shared secret between nodes. This shared secret enables encrypted data transmission, safeguarding sensitive information from unauthorized access.

In conjunction with the Diffie-Hellman protocol, Gluesync implements AES256 encryption, a symmetric encryption standard renowned for its exceptional strength and efficiency. AES256 provides robust security for sensitive data, making it an ideal choice for protecting communications within the Gluesync environment. The synergy between these technologies ensures that data remains secure and confidential during transmission, thereby protecting your organization’s sensitive information.

Understanding AES-256 Encryption

AES (Advanced Encryption Standard) with 256-bit key length is one of the most secure and widely adopted symmetric encryption algorithms in use today. Here’s what makes it special:

Key Features of AES-256

  • Strong Security: Uses a 256-bit key size, offering 2^256 possible combinations, making it practically impossible to break through brute force attacks

  • Symmetric Encryption: Uses the same key for both encryption and decryption, making it highly efficient for large data transfers

  • Block Cipher: Processes data in fixed-size blocks of 128 bits, applying multiple rounds of substitution and permutation

  • Industry Standard: Approved by the NSA for top-secret information and widely used in government and enterprise applications

How AES-256 Works in Gluesync

In Gluesync’s node-to-node communication:

  • Data is divided into 128-bit blocks

  • Each block undergoes 14 rounds of complex transformations

  • The 256-bit key ensures maximum security for your sensitive data

  • The encryption process is fast and computationally efficient

Understanding Diffie-Hellman Key Exchange

The Diffie-Hellman key exchange protocol is a fundamental building block of secure communications, enabling two parties to establish a shared secret key over an insecure channel.

Key Features of Diffie-Hellman

  • Perfect Forward Secrecy: Each session uses a new key, limiting the impact of potential key compromises

  • Key Agreement Protocol: Allows two parties to generate a shared secret without ever transmitting the actual key

  • Mathematical Foundation: Based on the discrete logarithm problem, making it computationally infeasible for attackers to derive the shared secret

  • No Prior Shared Secret: Parties can establish a secure channel without having any pre-shared secrets

How Diffie-Hellman Works in Gluesync

In Gluesync’s implementation:

  • Each node generates its own public-private key pair

  • Nodes do not exchange public keys over the network: the shared secret configuration is mounted as a volume on each node, avoiding the potential security issues and MITM attacks that an in-band exchange would expose

  • A shared secret is computed independently by each node

  • This shared secret is then used with AES-256 for secure data transmission, which in conjunction with a secure TLS communication channel ensures high security standards

Advanced Node-to-Node Encryption

This feature provides advanced node-to-node data encryption based on the Diffie-Hellman key exchange protocol and AES-256 encryption, ensuring secure communication between nodes and enhancing the overall security of your deployments.

License Requirement

To enable advanced node-to-node data encryption, users must purchase the Enterprise license with the advanced security option.

Configuration Instructions

To configure node-to-node encryption, mount the shared secret file into all containers using the following volume mapping:

./security-config.json:/opt/gluesync/data/security-config.json

Customization Details

Users can customize the Diffie-Hellman keys in the security-config.json file. Below is an example configuration:

{
  "dh": {
    "diffieHellmanPassword": "gluesync-password",
    "salt": "gluesync-salt"
  }
}

Make sure to replace the diffieHellmanPassword and salt values with your own secure ones; the values shown above are samples and must not be deployed as-is.
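A pre-deployment check for security-config.json, added here as an example and not part of Gluesync: it flags the documented sample values and short values, and can generate a replacement from the OS random source. The minimum lengths are an assumed local policy, not a Gluesync requirement.

```python
import json
import secrets

# Sample values from the documentation; they are placeholders and must never reach production.
DOCUMENTED_SAMPLE_VALUES = {"gluesync-password", "gluesync-salt"}
# Assumed local policy thresholds (characters), not a Gluesync requirement.
MIN_LENGTHS = {"diffieHellmanPassword": 32, "salt": 16}


def check_security_config(text):
    """Return a list of findings for a security-config.json body; an empty list means it passed."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]
    dh = cfg.get("dh") if isinstance(cfg, dict) else None
    if not isinstance(dh, dict):
        return ['missing "dh" object']
    findings = []
    for key, min_len in MIN_LENGTHS.items():
        value = dh.get(key)
        if not isinstance(value, str) or not value:
            findings.append(f'"{key}" is missing or empty')
            continue
        if value in DOCUMENTED_SAMPLE_VALUES:
            findings.append(f'"{key}" still uses the documented sample value')
        if len(value) < min_len:
            findings.append(f'"{key}" is shorter than {min_len} characters')
    return findings


def generate_security_config_text(password_bytes=32, salt_bytes=16):
    """Produce a fresh security-config.json body with values drawn from the OS CSPRNG."""
    cfg = {"dh": {"diffieHellmanPassword": secrets.token_urlsafe(password_bytes),
                  "salt": secrets.token_hex(salt_bytes)}}
    return json.dumps(cfg, indent=2)


# Constructed input: the sample configuration exactly as shown in the documentation.
SAMPLE_CONFIG = '{"dh": {"diffieHellmanPassword": "gluesync-password", "salt": "gluesync-salt"}}'

if __name__ == "__main__":
    for finding in check_security_config(SAMPLE_CONFIG):
        print("FAIL:", finding)
    print("fresh config findings:", check_security_config(generate_security_config_text()))
```

Run it against the file before mounting it; write the output of generate_security_config_text() to security-config.json on a trusted host and distribute it to every node through the volume mount described above.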