mirror of
https://github.com/nais/wonderwall.git
synced 2026-05-07 00:46:56 +00:00
0537c8172f
Replace the usage of a single application-wide session crypter with per-session crypters. The application is no longer able to decrypt any session encrypted with its symmetric key alone. Instead, a session ticket with its associated data encryption key (DEK) is also required in order to decrypt the associated session data. The ticket itself is encrypted with the application's crypter; the latter of which is effectively a key-encryption key (KEK). Fixes #49.