Appearance
KEK Rotate-and-Rewrap Procedure (Draft)
Hierarchies
Client evidence
user PIN → PBKDF2 → AES-256-GCM envelope → evidence ciphertext
Gateway alert store (B0+)
ALERT_DATA_KEK (KEK) → wrap per-row DEK → encrypt field with DEK + AAD(tenant_id:alert_id:field)kek_key_id identifies which KEK wrapped the DEK (default env:ALERT_DATA_KEK).
Rotate gateway data KEK (never env-swap alone)
- Generate new 32-byte KEK; register as
kek_key_id = env:ALERT_DATA_KEK_v2(or KMS id). - Keep old KEK addressable in a registry until rewrap completes.
- Background job: for each alert row, unwrap DEK with old KEK, wrap with new KEK, update
wrapped_dek+kek_key_id. - Verify sample decrypts; then retire old KEK from hot config.
- Document cutover time for DPIA.
Rotate gateway signing keypair
pnpm --filter @waspada/gateway-api provision→ new PEM pair.- Deploy dual-verify window: accept signatures from old and new public keys.
- Switch signing to new private key.
- After grace period, remove old public key from verify set.
- Partners: rotate
PARTNER_KEYS_JSONentries independently (max keys per partner enforced).
Incident: KEK compromise
Treat as data breach for ciphertext that can be unwrapped. Rotate KEK, rewrap if DEKs still valid, force re-encrypt or shred per legal advice.