cayenne-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrus Adamchik <and...@objectstyle.org>
Subject cayenne-crypto
Date Fri, 04 Apr 2014 12:21:32 GMT
So the crypto module is done and available on trunk. Here is a minimal configuration that will
do AES/CBC encryption:

1. Create a keystore and generate a secret key in it:

  keytool -genseckey -keystore /tmp/ks1.jceks -storetype JCEKS -alias mykey

2. Start Cayenne with crypto:

  // this can also be a URL or a String representing URL
  File keyStore = new File("/tmp/ks1.jceks”); 

  // obtain this somehow
  char[] keyPassword = .. 

  // “mykey” is the key alias in #1
  Module crypto = new CryptoModuleBuilder().keyStore(keyStore, keyPassword, “mykey").build();

  // this will enable encryption/decryption for all columns matching ^CRYPTO_ regex
  // those must be either character or binary columns
  ServerRuntime  runtime = new ServerRuntime(“cayenne-myproject.xml", crypto);


So just 3 lines of code give you the encryption. Of course it is fully customizable. See ‘CryptoModuleBuilder’
for what can be extended. Also the code is pretty raw, so it may break or may be refactored
as we find bugs. I still need to study the performance and tweak as needed. Also there are
certain strategies are not yet available. E.g. we only support block ciphers in CBC mode (as
this is what I am planning to use in my apps). We will add support for ECB and also streaming
ciphers eventually.

But … everyone is free to give it a try ;) 

Andrus


Mime
View raw message