Feature: Modules

From Yombo

Yombo implements GPG encryption to protect sensitive data in transit as well as data at rest. This helps to ensure your data stays yours.

About GPG

When a gateway is first configured, it creates a public and private key pair. The public key is transmitted to various locations so others can send encrypted data to the local gateway. The private key is stored locally and is never transmitted anywhere. The private key's passphrase is also stored within the installation directory. Because both the private key and its passphrase live in the installation directory, it is important to keep access to the Yombo gateway installation folder secure.

Yombo servers will not have access to the private key or its passphrase. It's important that the user create a backup after installation and setup are complete.

Data at rest

Some configuration settings or device settings may require usernames and passwords. Due to the sensitivity of these fields, they will be encrypted using the GPG key pair that was generated by the gateway. If an application sends non-encrypted data to the Yombo servers for a field marked as encrypted, the Yombo servers will encrypt the data using the gateway's public key, so that only the gateway's private key can decrypt it.

Data in transit

Remote applications can send encrypted data to the gateway using the gateway's published public key. This protects data in transit against eavesdropping.

How GPG works

For a more detailed description, see the Wikipedia article about GPG.

In short, GPG implements public-key cryptography. A sender may use the public key to encrypt data that can only be decrypted using the private key.

Yombo stores data at rest encrypted with the gateway's public key. This is used to secure account passwords and other sensitive data. Mobile applications, scripts, etc. also use the gateway's public key to encrypt messages before sending them to the gateway. This helps to ensure that only the recipient can decrypt the message and act on it.
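The flow described above and under "Data at rest", as an added example that is not Yombo's own code: the gateway generates a key pair on first run and keeps the passphrase-protected private key in its installation directory, senders encrypt to the published public key, and the servers encrypt any plaintext that arrives for a field marked encrypted. Python's standard library has no OpenPGP support, so RSA-OAEP from the `cryptography` package stands in for GPG; the field names, file names and marker string are assumptions.

```python
import os, tempfile
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

ENCRYPTED_FIELDS = {"password", "api_token"}  # constructed schema: fields marked encrypted
MARKER = "-----BEGIN ENCRYPTED FIELD-----"   # stand-in for a PGP ASCII-armor header
OAEP = padding.OAEP(padding.MGF1(hashes.SHA256()), hashes.SHA256(), None)
PEM = serialization.Encoding.PEM

def gateway_setup(install_dir):
    # First run: private key and its passphrase stay in install_dir (mode 0700); only the public key is published.
    passphrase = os.urandom(24).hex().encode()
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    os.makedirs(install_dir, mode=0o700, exist_ok=True)
    with open(os.path.join(install_dir, "gpg_passphrase"), "wb") as f:
        f.write(passphrase)
    with open(os.path.join(install_dir, "private.pem"), "wb") as f:
        f.write(key.private_bytes(PEM, serialization.PrivateFormat.PKCS8,
                                  serialization.BestAvailableEncryption(passphrase)))
    return key.public_key().public_bytes(PEM, serialization.PublicFormat.SubjectPublicKeyInfo)

def encrypt_field(public_pem, plaintext):
    # Sender side (app, script or Yombo server): the public key is all that is needed.
    pub = serialization.load_pem_public_key(public_pem)
    return MARKER + pub.encrypt(plaintext.encode(), OAEP).hex()

def server_store(public_pem, record):
    # Server side: plaintext for an encrypted field is encrypted to the gateway key; encrypted values pass through.
    out = dict(record)
    for name in ENCRYPTED_FIELDS & set(record):
        if not record[name].startswith(MARKER):
            out[name] = encrypt_field(public_pem, record[name])
    return out

def gateway_decrypt(install_dir, value):
    # Gateway side: the locally stored passphrase unlocks the private key, which is why install_dir must be protected.
    with open(os.path.join(install_dir, "gpg_passphrase"), "rb") as f:
        passphrase = f.read()
    with open(os.path.join(install_dir, "private.pem"), "rb") as f:
        key = serialization.load_pem_private_key(f.read(), password=passphrase)
    return key.decrypt(bytes.fromhex(value[len(MARKER):]), OAEP).decode()

def demo():
    # End-to-end run: a temp dir stands in for the installation folder; the record is constructed sample data.
    install_dir = tempfile.mkdtemp()
    public_pem = gateway_setup(install_dir)
    pre = encrypt_field(public_pem, "tok-123")  # token already encrypted by the mobile app
    stored = server_store(public_pem, {"username": "admin", "password": "s3cret", "api_token": pre})
    return (stored["username"], stored["api_token"] == pre, stored["password"].startswith(MARKER),
            gateway_decrypt(install_dir, stored["password"]), gateway_decrypt(install_dir, pre))
```

The non-sensitive `username` field is stored as-is, the plaintext password is encrypted by the server, and the pre-encrypted token is passed through unchanged; only the gateway, holding the key and passphrase, recovers both values.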