Is that okay from a GDPR perspective? What if there's an exploit discovered in the implementation of the encryption? Or what if quantum computers can crack it easily in the future?
It is ok for GDPR, it is axon uses it in their commercial GDPR modul (better then our but same principale).
Broken encryption, 20 years better machines in future and quantum are solved with same trick. We have event sourcing.
Implement best current encryption, delete everything except event store, decrypt events with old encryption publish events and everything in now encrypted with best current encryption events in new store. Delete deprecated old event store. Skip aggregates with deleted old key.
Broken encryption, 20 years better machines in future and quantum are solved with same trick. We have event sourcing.
Implement best current encryption, delete everything except event store, decrypt events with old encryption publish events and everything in now encrypted with best current encryption events in new store. Delete deprecated old event store. Skip aggregates with deleted old key.