Return-Path: X-Original-To: apmail-cayenne-dev-archive@www.apache.org Delivered-To: apmail-cayenne-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BAEB210CB8 for ; Tue, 8 Apr 2014 05:13:58 +0000 (UTC) Received: (qmail 33500 invoked by uid 500); 8 Apr 2014 05:13:57 -0000 Delivered-To: apmail-cayenne-dev-archive@cayenne.apache.org Received: (qmail 33382 invoked by uid 500); 8 Apr 2014 05:13:51 -0000 Mailing-List: contact dev-help@cayenne.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cayenne.apache.org Delivered-To: mailing list dev@cayenne.apache.org Received: (qmail 33371 invoked by uid 99); 8 Apr 2014 05:13:46 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 08 Apr 2014 05:13:46 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of malcolm.edgar@gmail.com designates 209.85.219.54 as permitted sender) Received: from [209.85.219.54] (HELO mail-oa0-f54.google.com) (209.85.219.54) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 08 Apr 2014 05:13:41 +0000 Received: by mail-oa0-f54.google.com with SMTP id n16so475641oag.13 for ; Mon, 07 Apr 2014 22:13:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=ZWIY3TIOMy+/3RGoU8LZo2U0ntU+5bae01J9WY0KGEw=; b=okrnve7DUM8DFv9Ljz8kbQVZx0g4mqze7r0RNHFjgujCoC7k6L9NZigbOw7GJmztth uwH+NVE/COInbjB/+p7zD6Kes1NLWxIKSP+MemKJbrXzyArsw6H89L7s00h0Ul+zm4U7 2wt07xHisLXNHtL/wJJUzXprkSSLuwE1EfPwbDO9qG+4CgO63qu5TUqG72baKgOPGMLZ 5hzxy/rO/mAFxRYDFKVE0wtZFwLv0TPli5jx+gtDhUcqStnYj3zroAzDZekd5ZPhmKH8 nPDwnNVORSHHW9tKmJgNGNrJpIrIZR3GI4TyEJwdRMNjWzxO1qqFurVG8T31UfVDNgwK ch5Q== MIME-Version: 1.0 X-Received: by 10.182.135.228 with SMTP id pv4mr39408obb.62.1396933999087; Mon, 07 Apr 2014 22:13:19 -0700 (PDT) Received: by 10.76.109.14 with HTTP; Mon, 7 Apr 2014 22:13:18 -0700 (PDT) In-Reply-To: References: <371C206B-90E3-40E1-AC1D-B9401A18F14F@objectstyle.org> <8341D757-D397-41C0-B27C-89563BFF7E90@objectstyle.org> <53425E4F.6090901@maniatis.org> <5098F15A-9F01-4129-BBAD-61F1513A8063@objectstyle.org> Date: Tue, 8 Apr 2014 15:13:18 +1000 Message-ID: Subject: Re: cayenne-crypto From: Malcolm Edgar To: dev Content-Type: multipart/alternative; boundary=089e0112c5d2ca593304f6810a51 X-Virus-Checked: Checked by ClamAV on apache.org --089e0112c5d2ca593304f6810a51 Content-Type: text/plain; charset=ISO-8859-1 Hi Andrus, Yes I think it would be useful, for storing data. The management of the symetrical encryption keys, it the trickiest thing in this space and reducing their exposure. Its probably worthwhile having an option to GZIP compress the data before you store it, for larger values (> 1K). regards On Tue, Apr 8, 2014 at 12:18 AM, Andrus Adamchik wrote: > Hi Malcolm, > > Cool. Yeah, that's what cayenne-crypto will use by default (AES/CBC). > > BTW, since you are already using cryptography on your projects, what's > your opinion on the Cayenne crypto effort? Would that be useful in your > situation? (not saying you should switch immediately, just your general > assessment) > > Cheers, > Andrus > > > On Apr 7, 2014, at 5:09 PM, Malcolm Edgar wrote: > > > We use AES-256 CBC for data encryption, it an approved crypto algorithm > for > > Top Secret classification data, in US and Australia, and its still very > > fast. > > > > The only issue with AES-256 is that you will need to ensure the JDK is > > patched with the 'Java Cryptography Extension (JCE) Unlimited Strength > > Jurisdiction Policy Files' to support it. > > > > > http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html > > > > regards Malcolm Edgar > > > > > > On Mon, Apr 7, 2014 at 6:42 PM, Andrus Adamchik >wrote: > > > >> I can't "name names", but I can answer in general terms. This is to > >> protect sensitive business data. Not (yet) about any specific gov. > >> compliance. This protects pieces of data against DBA's, QA and > developers > >> who have legitimate access to production DB and its backups. As well as > >> hackers who may steal such a backup from someone's laptop. > >> > >> The app server will keep unencrypted data in memory, so hacking an > >> appserver and taking a memory dump will leak some of the data. With > default > >> KeySource it will also reveal the key. A more secure version > >> (certificate-based logins?) might keep user-specific keys in a session, > >> reducing the attack time window. This improvement may also serve as an > >> authorization tool - different users have different keys, so they can > only > >> decrypt the data they are authorized for. > >> > >>> Are you seeing the AES encryption performance to be symmetrical between > >> select and insert? > >> > >> Meaning the speed of encryption vs. decryption? Will need to check. I > only > >> did a combined test now. But I suspect both will be of the same order. > >> > >> Andrus > >> > >> > >> > >> On Apr 7, 2014, at 11:14 AM, Aristedes Maniatis > wrote: > >>> Out of curiosity, if you can discuss, what are you using this for? Is > >> this some sort of PCI DSS compliance, or privacy or health? Do you get > any > >> real security (since all the objects must exist in plain text everywhere > >> between Cayenne/html rendering engine/servlets/container/proxy until the > >> SSL layer kicks in). Or is this to prevent the DBA from poking their > nose > >> where it should not be? > >>> > >>> Are you seeing the AES encryption performance to be symmetrical between > >> select and insert? > >>> > >>> > >>> Ari > >>> > >>> > >>> On 7/04/2014 4:56pm, Andrus Adamchik wrote: > >>>> Also some early performance data. In my tests with a local DB and a > mix > >> of select/insert operations using AES with 128-bit key wasn't noticeably > >> slower than using no encryption at all. Using 256-bit key resulted in > 10% > >> overhead. While these are great results, take it with a grain of salt > for > >> now until we get more use cases and start using it in production. > >>>> > >>>> Andrus > >>>> > >>>> > >>>> On Apr 4, 2014, at 3:21 PM, Andrus Adamchik > >> wrote: > >>>> > >>>>> So the crypto module is done and available on trunk. Here is a > minimal > >> configuration that will do AES/CBC encryption: > >>>>> > >>>>> 1. Create a keystore and generate a secret key in it: > >>>>> > >>>>> keytool -genseckey -keystore /tmp/ks1.jceks -storetype JCEKS -alias > >> mykey > >>>>> > >>>>> 2. Start Cayenne with crypto: > >>>>> > >>>>> // this can also be a URL or a String representing URL > >>>>> File keyStore = new File("/tmp/ks1.jceks"); > >>>>> > >>>>> // obtain this somehow > >>>>> char[] keyPassword = .. > >>>>> > >>>>> // "mykey" is the key alias in #1 > >>>>> Module crypto = new CryptoModuleBuilder().keyStore(keyStore, > >> keyPassword, "mykey").build(); > >>>>> > >>>>> // this will enable encryption/decryption for all columns matching > >> ^CRYPTO_ regex > >>>>> // those must be either character or binary columns > >>>>> ServerRuntime runtime = new ServerRuntime("cayenne-myproject.xml", > >> crypto); > >>>>> > >>>>> > >>>>> So just 3 lines of code give you the encryption. Of course it is > fully > >> customizable. See 'CryptoModuleBuilder' for what can be extended. Also > the > >> code is pretty raw, so it may break or may be refactored as we find > bugs. I > >> still need to study the performance and tweak as needed. Also there are > >> certain strategies are not yet available. E.g. we only support block > >> ciphers in CBC mode (as this is what I am planning to use in my apps). > We > >> will add support for ECB and also streaming ciphers eventually. > >>>>> > >>>>> But ... everyone is free to give it a try ;) > >>>>> > >>>>> Andrus > >>>>> > >>>>> > >>>> > >>> > >>> -- > >>> --------------------------> > >>> Aristedes Maniatis > >>> GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A > >>> > >> > >> > > --089e0112c5d2ca593304f6810a51--