Non-encrypted Confidential Information - Elixir

Need

Protect sensitive information from unauthorized access

Context

  • Usage of Elixir (version 1.11 and above) for building scalable and concurrent applications
  • Usage of File module for file handling

Description

Non compliant code

    defmodule MyApp.Data do
      def write_to_file(data) do
        File.write("/path/to/file", data)
      end
    end

The Elixir code above writes confidential information to a file without any encryption, so anyone who can read the file (or a backup or copy of it) can read the data.

Steps

  • Make use of the :crypto module for encryption purposes.
  • Generate a strong encryption key and keep it secure.
  • Encrypt sensitive data using the encryption key before storing or transmitting it.
  • When retrieving the data, make sure to decrypt it using the same encryption key.

Compliant code

    defmodule MyApp.Data do
      # `key` must be a 16-byte AES-128 key; keep it out of source and config files
      def write_to_file(data, key) when byte_size(key) == 16 do
        # strong_rand_bytes/1 returns the random binary directly, not {:ok, iv}
        iv = :crypto.strong_rand_bytes(16)
        # block_encrypt/4 is deprecated; crypto_one_time/5 (OTP 23+) with PKCS#7
        # padding accepts plaintexts that are not a multiple of 16 bytes
        cipher =
          :crypto.crypto_one_time(:aes_128_cbc, key, iv, data,
            encrypt: true, padding: :pkcs_padding)
        # Prepend the IV so the reader can recover it for decryption
        File.write("/path/to/file", iv <> cipher)
      end
    end

The Elixir code above uses AES encryption (via the :crypto module) to encrypt the data before writing it to a file, so that someone who gains access to the file cannot read the data without the encryption key. Note that CBC mode only provides confidentiality: it does not detect a modified file, and the key must be stored separately from the file it protects.
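As an added example (not code from the original page), the four steps above and the compliant snippet carried through to a complete write-and-read round trip. It uses AES-256-GCM through :crypto.crypto_one_time_aead/6 and /7 (available since Erlang/OTP 22) instead of the CBC mode of the snippet, so that the read side also rejects a wrong key or a modified file; the module name, the on-disk layout (nonce, tag, ciphertext), the sample path and the sample data are assumptions.

```elixir
defmodule MyApp.SecureData do
  @moduledoc """
  Added example, not code from the original page: the four steps above as one
  encrypt-on-write / verify-and-decrypt-on-read path using AES-256-GCM from
  :crypto. Requires Erlang/OTP 22+ (crypto_one_time_aead/6 and /7).
  """

  # Step 2: a strong key is 32 uniformly random bytes. Hold it in a secret
  # manager or an environment variable, never in the repository or next to
  # the file it protects.
  def generate_key, do: :crypto.strong_rand_bytes(32)

  # Step 3: encrypt before writing. Assumed file layout:
  #   12-byte nonce || 16-byte authentication tag || ciphertext
  # A fresh nonce per write is mandatory; reusing one under the same key
  # breaks GCM's guarantees.
  def write_encrypted(path, plaintext, key) when byte_size(key) == 32 do
    iv = :crypto.strong_rand_bytes(12)
    # The path is authenticated as associated data, so a ciphertext copied to
    # a different filename fails verification on read.
    {ciphertext, tag} =
      :crypto.crypto_one_time_aead(:aes_256_gcm, key, iv, plaintext, path, true)

    File.write(path, iv <> tag <> ciphertext)
  end

  # Step 4: read back and decrypt with the same key. The tag is verified
  # before any plaintext is returned: a wrong key, a flipped byte or a
  # truncated file yields :error rather than garbage.
  def read_encrypted(path, key) when byte_size(key) == 32 do
    with {:ok, <<iv::binary-size(12), tag::binary-size(16), ciphertext::binary>>} <-
           File.read(path),
         plaintext when is_binary(plaintext) <-
           :crypto.crypto_one_time_aead(:aes_256_gcm, key, iv, ciphertext, path, tag, false) do
      {:ok, plaintext}
    else
      {:error, posix} -> {:error, posix}   # file missing or unreadable
      _ -> :error                          # too short, wrong key, or tampered
    end
  end

  # Round trip against a temporary file; returns true when the plaintext is
  # recovered intact and a tampered copy is rejected.
  def demo do
    key = generate_key()
    path = Path.join(System.tmp_dir!(), "secure_data_demo.bin")
    secret = "account=4111 pin=0000"   # constructed sample data

    :ok = write_encrypted(path, secret, key)
    {:ok, ^secret} = read_encrypted(path, key)

    # Flip one bit of the first ciphertext byte; the GCM tag check must fail.
    <<head::binary-size(28), first, rest::binary>> = File.read!(path)
    File.write!(path, <<head::binary, :erlang.bxor(first, 1), rest::binary>>)
    tampered = read_encrypted(path, key)

    File.rm(path)
    tampered == :error
  end
end
```

Running `MyApp.SecureData.demo()` in `iex` writes, reads back and then corrupts a temporary file, returning `true` when the intact file decrypts and the corrupted one is rejected. Binding the path as associated data is a design choice, not a requirement of the steps: it ties each ciphertext to its location, which is useful when several encrypted files share one key.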

References