FHIR Chat · Encryption · implementers

Stream: implementers

Topic: Encryption

view this post on Zulip Jeremy Chapman (Jun 14 2019 at 21:38):

If I want to encrypt part of the message (except the header) are there any recommended approaches to doing that? How would I encrypt specific resources in a message?

view this post on Zulip Grahame Grieve (Jun 14 2019 at 21:39):

'the message" - can you provide context?

view this post on Zulip Jeremy Chapman (Jun 14 2019 at 21:46):

Message meaning a bundle where the first resource entry is a MessageHeader. We are implementing a distribution system, where we want to encrypt most of the message with a public key so that only the receiver can decrypt it, but we need to leave some of the message decrypted to allow the distribution system to route the message appropriately.

view this post on Zulip Grahame Grieve (Jun 14 2019 at 21:47):

we have no arrangements for internal encryption inside a bundle. All I can suggest is that the normal way to do this is to use a mime package, and put the things you want to route on in the mime headers

view this post on Zulip Jeremy Chapman (Jun 14 2019 at 21:49):

You mean a multipart mime? so the first boundary might include a bundle with the message header and a secondary boundary might be an encrypted bundle?

view this post on Zulip Grahame Grieve (Jun 14 2019 at 21:55):

well, that would be one way to do it, yes. Though I was expecting a single encrpyted part with some headers that were used for routing.

view this post on Zulip Jeremy Chapman (Jun 14 2019 at 21:59):

Great, thanks for the input

view this post on Zulip Grahame Grieve (Jun 14 2019 at 22:01):

see e.g. https://tools.ietf.org/html/rfc8188

view this post on Zulip Grahame Grieve (Jun 14 2019 at 22:02):

and https://tools.ietf.org/html/rfc1847

view this post on Zulip Marius Antoniu Raceanu (Sep 12 2020 at 10:21):

Hi @ll I'm a newbie in this chat, i need help.... I want to encrypt and add a singature to a bundle in JSON... 1. With JWT and JOSE? OR 2. Write the code in the JSON Bundle like in https://www.researchgate.net/publication/259182302_JSON_encryption ?

view this post on Zulip Marius Antoniu Raceanu (Sep 12 2020 at 10:22):

Hi @ll I'm a newbie in this chat, i need help.... I want to encrypt and add a singature to a bundle in JSON... 1. With JWT and JOSE? OR 2. Write the code in the JSON Bundle like in https://www.researchgate.net/publication/259182302_JSON_encryption ?

view this post on Zulip Lloyd McKenzie (Sep 12 2020 at 13:58):

As a rule, encrypting content is handled at the transport layer - and at that level you can do whatever you like. If you choose to encrypt a resource within the FHIR space, you'd have to send it as a Binary - and would lose the ability to reference it as normal. E.g. You can't have a MedicationRequest point to a Binary (that happens to contain an encrypted Patient). Bundle.signature is governed by the rules here: http://build.fhir.org/datatypes.html#JSON. However, the rules aren't normative yet, so we can still evolve them based on implementer feedback. (There hasn't been a whole lot of signature implementation in the community yet.)

Last updated: Apr 12 2022 at 19:14 UTC


An HL7 Website -