What:
Dovetail will provide a optional parameter "-e" ("–encrypt") for user to encrypt the test report.
With this parameter, dovetail will generate a report in cipher-text and a secret key in cipher-text together instead of a single plain-text report.
Why:
The report in plain-text is vulnerable from malicious attacks.
If user want to secure their report and do not want the report be peeked at by any unexpected person,they can simply add this parameter into the command line.
Users do not need to know or learn any details about that how to encrypt.
How:
First make sure you get a RSA public key from whom will receive your report, may be it is a 3rd party certification authority.
The whole encryption and decryption workflow show as following:
- dovetail generate a report and a random secret key
- encrypt this report with this secret key by AES256 encryption algorithm
- encrypt this secret key with RSA public key by RSA encryption algorithm
- send encrypted report and secret key to your target receiver
- the receiver decrypt the secret key with his own RSA private key to get original secret key
- then receiver decrypt the report with this secret key to get the plain-text report
.png?version=1&modificationDate=1482805986000&cacheVersion=1&api=v2&width=911&height=556)