Infrastructure · medium complexity · mobilebackend
Dependencies: 0 · Dependents: 0 · Entities: 1 · Integrations: 0

Description

Provides end-to-end encryption and decryption of assignment payloads using asymmetric cryptography so that sensitive personal data is never readable by the server. Manages key generation, public key retrieval for recipients, and secure key storage on device. Ensures that only the intended peer mentor's private key can decrypt a dispatched assignment.

Feature: Encrypted Assignment Dispatch

assignment-encryption-service

Sources & reasoning

Source lines 94-95 directly specify end-to-end encrypted dispatch with delivery/read confirmation and a 10-day reminder. Line 153 classifies this as MUST for Blindeforbundet in Fase 2 of the priority matrix, and line 345 repeats it as Fase 2 critical in the roadmap. Fase 2 normalises to v1.0. The feature is the core unlock for Blindeforbundet's digital workflow and cannot be deferred.

  • docs/source/likeperson.md · line 94-95
    Encrypted assignment handling: Sending sensitive personal data (name, address, discharge summary) to peer mentors with delivery confirmation and read confirmation. Status overview of open assignments. Automatic reminder after 10 days if contact has not been estab
  • docs/source/likeperson.md · line 153
    Encrypted assignment handling | - | - | ✓ | - | ✓ | MUST (Blindeforbundet) | 2
  • docs/source/likeperson.md · line 345
    Encrypted assignment dispatch with status tracking (Blindeforbundet-critical)

Responsibilities

  • Generate and securely store asymmetric key pairs per user on device
  • Publish and retrieve peer mentor public keys for encryption
  • Encrypt assignment payloads with the recipient's public key before transmission
  • Decrypt received ciphertext using the local private key after authentication
  • Provide key rotation support and handle key loss recovery flows

Interfaces

generateKeyPair(): Promise<CryptoKeyPair>
getPublicKey(mentorId: string): Promise<CryptoKey>
encryptPayload(payload: AssignmentPayload, recipientPublicKey: CryptoKey): Promise<ArrayBuffer>
decryptPayload(ciphertext: ArrayBuffer, privateKey: CryptoKey): Promise<AssignmentPayload>
storePrivateKey(privateKey: CryptoKey): Promise<void>
loadPrivateKey(): Promise<CryptoKey>
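
The signatures above take a `CryptoKey` and return an `ArrayBuffer`, but an asymmetric key cannot encrypt a payload of arbitrary size directly, so a hybrid envelope is the usual construction. The following is an added example, not the project's own code: it assumes WebCrypto with RSA-OAEP (3072-bit, SHA-256) wrapping a per-assignment AES-256-GCM key, and the envelope layout, constants and JSON serialization of the payload are assumptions.

```javascript
// Added example (not project code): hybrid envelope behind encryptPayload/decryptPayload.
// Assumed layout: [u16 wrapped-key length | RSA-OAEP-wrapped AES key | 12-byte IV | AES-GCM ct+tag]
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto; // older Node fallback
const subtle = webcrypto.subtle;
const IV_LEN = 12, TAG_LEN = 16;

async function generateKeyPair() {
  // Private key is non-extractable and limited to unwrapping content keys.
  return subtle.generateKey(
    { name: "RSA-OAEP", modulusLength: 3072, publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" },
    false, ["wrapKey", "unwrapKey"]);
}

async function encryptPayload(payload, recipientPublicKey) {
  // Fresh AES-256-GCM content key and IV per assignment; RSA only wraps the key.
  const cek = await subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt"]);
  const iv = webcrypto.getRandomValues(new Uint8Array(IV_LEN));
  const wrapped = new Uint8Array(await subtle.wrapKey("raw", cek, recipientPublicKey, { name: "RSA-OAEP" }));
  const plaintext = new TextEncoder().encode(JSON.stringify(payload));
  // The wrapped key is passed as AAD so it is bound to this ciphertext.
  const body = new Uint8Array(
    await subtle.encrypt({ name: "AES-GCM", iv, additionalData: wrapped }, cek, plaintext));
  const out = new Uint8Array(2 + wrapped.length + IV_LEN + body.length);
  new DataView(out.buffer).setUint16(0, wrapped.length);
  out.set(wrapped, 2);
  out.set(iv, 2 + wrapped.length);
  out.set(body, 2 + wrapped.length + IV_LEN);
  return out.buffer;
}

async function decryptPayload(ciphertext, privateKey) {
  const buf = new Uint8Array(ciphertext);
  if (buf.length < 2) throw new Error("envelope too short");
  const n = new DataView(buf.buffer, buf.byteOffset, 2).getUint16(0);
  if (buf.length < 2 + n + IV_LEN + TAG_LEN) throw new Error("envelope too short");
  const wrapped = buf.subarray(2, 2 + n);
  const iv = buf.subarray(2 + n, 2 + n + IV_LEN);
  // Fails for any private key other than the intended recipient's.
  const cek = await subtle.unwrapKey("raw", wrapped, privateKey, { name: "RSA-OAEP" },
    { name: "AES-GCM" }, false, ["decrypt"]);
  // Throws if the IV, wrapped key or ciphertext was modified (GCM tag check).
  const plain = await subtle.decrypt(
    { name: "AES-GCM", iv, additionalData: wrapped }, cek, buf.subarray(2 + n + IV_LEN));
  return JSON.parse(new TextDecoder().decode(plain));
}
```

This envelope provides confidentiality and integrity only; it does not authenticate the sender, which would need a signature or an authenticated key agreement on top.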

Related Data Entities (1)

Data entities managed by this component