Encryption Service
Component Detail
Service Layer
medium complexity
shared
0
Dependencies
0
Dependents
3
Entities
0
Integrations
Description
Handles end-to-end encryption and decryption of assignment payloads using per-recipient public keys. Ensures sensitive personal and medical data is cryptographically protected in transit and at rest.
encryption-service
Sources & reasoning
Source §3.1 explicitly lists encrypted assignment dispatch with delivery/read receipts and 10-day reminder as a Blindeforbundet must-have. §5 places 'Kryptert oppdragsutsendelse med statussporing' in Fase 2 Kjerneprodukt, which maps to target_release 'Core Product'.
-
docs/source/likeperson.md · line 55-58Kryptert oppdragshandtering: Sende sensitive personopplysninger (navn, adresse, epikrise) til likepersoner med leveringsbekreftelse og lesebekreftelse. Statusoversikt over apne oppdrag. Automatisk paminnelse etter 10 dager dersom kontakt ikke er oppr
-
docs/source/likeperson.md · line 259Kryptert oppdragsutsendelse med statussporing (Blindeforbundet-kritisk)
Responsibilities
- Encrypt assignment payloads with recipient's public key before dispatch
- Decrypt incoming payloads on the mentor device using local private key
- Validate payload integrity via authenticated encryption (AEAD)
- Handle key rotation events without breaking active assignments
- Surface decryption failures with auditable error codes
Interfaces
encryptPayload(payload, recipientPublicKey): EncryptedBlob
decryptPayload(blob, privateKey): AssignmentPayload
verifyIntegrity(blob): boolean
Related Data Entities (3)
Data entities managed by this component