cayenne-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Huss <johnth...@gmail.com>
Subject Re: cayenne-crypto
Date Tue, 22 Apr 2014 22:07:01 GMT
I'm giving this a try.  Looks like you have to specify the AES algorithm
when creating the store, so the command is like this:

keytool -genseckey -keystore /tmp/ks1.jceks -storetype JCEKS *-keyalg AES
-keysize 256* -alias mykey


On Fri, Apr 4, 2014 at 7:21 AM, Andrus Adamchik <andrus@objectstyle.org>wrote:

> So the crypto module is done and available on trunk. Here is a minimal
> configuration that will do AES/CBC encryption:
>
> 1. Create a keystore and generate a secret key in it:
>
>   keytool -genseckey -keystore /tmp/ks1.jceks -storetype JCEKS -alias mykey
>
> 2. Start Cayenne with crypto:
>
>   // this can also be a URL or a String representing URL
>   File keyStore = new File("/tmp/ks1.jceks”);
>
>   // obtain this somehow
>   char[] keyPassword = ..
>
>   // “mykey” is the key alias in #1
>   Module crypto = new CryptoModuleBuilder().keyStore(keyStore,
> keyPassword, “mykey").build();
>
>   // this will enable encryption/decryption for all columns matching
> ^CRYPTO_ regex
>   // those must be either character or binary columns
>   ServerRuntime  runtime = new ServerRuntime(“cayenne-myproject.xml",
> crypto);
>
>
> So just 3 lines of code give you the encryption. Of course it is fully
> customizable. See ‘CryptoModuleBuilder’ for what can be extended. Also the
> code is pretty raw, so it may break or may be refactored as we find bugs. I
> still need to study the performance and tweak as needed. Also there are
> certain strategies are not yet available. E.g. we only support block
> ciphers in CBC mode (as this is what I am planning to use in my apps). We
> will add support for ECB and also streaming ciphers eventually.
>
> But … everyone is free to give it a try ;)
>
> Andrus
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message