ACRA 0.83.0 RELEASE

As the days were getting shorter, our pull requests were getting longer, and here we are now, proud to present Acra 0.83.0. Its distinctive new feature is the AcraRotate utility, which allows you to easily rotate the storage keys on a regular basis or perform an emergency key rotation if you’ve detected (or suspect) a compromise of the client app.

SQL filtering got more flexible: 6 new patterns (including SUBQUERY and LIST_OF_VALUES) allow deep customisation for configuring the accepted queries and blocking malicious requests.

Starting with Acra 0.83.0, all of the current documentation for Acra can only be found on the Cossack Labs Documentation server (you can also find the documentation for our other products, i.e. Themis and Hermes, there).

One of the easiest ways to try Acra is to deploy it with Docker. However, if you don’t wish to install a thing but still want to experience the full might of Acra, we are proud to present the Acra Live Demo: a web-based demo of a typical web infrastructure protected by Acra and deployed on our servers for your convenience. Encrypt data from a Python application, store it in a PostgreSQL database, and decrypt data through Acra in just one click. Try to run malicious SQL queries and watch how they are blocked by AcraCensor.

Request access to Acra Live Demo now, it’s free!

Some other noteworthy updates in the new version of Acra:

Core

  • Security
    • Updated the default and allowed TLS configurations (#254).
    • Improved security of the transport connection between Acra's services by validating the clientId length. This decreases the chance of misusing the clientId (#253).
  • Key management
    • Added the AcraRotate utility for rotation of Zone keys and re-encryption of AcraStructs. AcraRotate generates a new Zone keypair for a particular ZoneId and re-encrypts the corresponding AcraStructs with the new keys. The ZoneId stays the same (#256, #239).
  • AcraCensor – SQL filter and firewall
  • AcraWriter
    • Added a Java/Android AcraWriter library, with examples and tests (#252). Read the usage guide and examples in the examples/android_java folder.
    • Added SQLAlchemy type wrappers for the Python AcraWriter (#257).
    • Improved and refactored the Python AcraWriter example of encrypting data and reading it from the database (#258).
  • Prometheus Metrics
    • Added functionality for exporting the basic metrics of AcraServer, AcraConnector, and AcraTranslator to Prometheus (#260, #251, #234).
  • Other
    • Improved AcraConnector's compatibility with PostgreSQL: AcraConnector now correctly handles the database's refusal to use a TLS connection (#259).
    • Added export of CLI parameters for AcraServer, AcraConnector, and AcraTranslator to markdown (#261).
    • Improved readability of CEF-formatted logs by sorting extension fields in alphabetical order (#255).
    • Improved the quality of our codebase by cleaning up old, unnecessary code (#250).

Infrastructure

  • Added AcraRotate as a ready-to-use tool inside AcraTranslator and AcraServer Docker containers (#236).

Documentation

Copyright © 2014-2018 Cossack Labs Limited
Cossack Labs is a privately-held British company with a team of data security experts based in Kyiv, Ukraine.