cayenne-dev mailing list archives

From John Huss <johnth...@gmail.com>
Subject Re: cayenne-crypto
Date Thu, 17 Jul 2014 21:49:25 GMT
Also, I'm getting a ClassCastException when using a VARBINARY column in
MySQL 5.6.x mapped to a String.  The value is String in the Map and when it
casts it to a byte[] in BytesToBytesConverter.toBytes() it blows up.  I'm
not sure why it is a String since the column is binary, but it is.


On Thu, Jul 17, 2014 at 1:42 PM, John Huss <johnthuss@gmail.com> wrote:

> In cases where CayenneFilter is being used, the ServerRuntime is created
> internally by Cayenne. How do I add in the crypto module?
>
>   Module crypto = new CryptoModuleBuilder()
>       .keyStore(keyFile, keyPassword.toCharArray(), alias).build();
>
> Perhaps CayenneFilter needs to expose a method that can be overridden to
> add modules to the set of modules declared in the web.xml?
>
> John
>
>
>
>
> On Tue, Apr 22, 2014 at 5:07 PM, John Huss <johnthuss@gmail.com> wrote:
>
>> I'm giving this a try.  Looks like you have to specify the AES algorithm
>> when creating the store, so the command is like this:
>>
>>   keytool -genseckey -keystore /tmp/ks1.jceks -storetype JCEKS *-keyalg AES -keysize 256* -alias mykey
>>
>>
>> On Fri, Apr 4, 2014 at 7:21 AM, Andrus Adamchik <andrus@objectstyle.org>
>> wrote:
>>
>>> So the crypto module is done and available on trunk. Here is a minimal
>>> configuration that will do AES/CBC encryption:
>>>
>>> 1. Create a keystore and generate a secret key in it:
>>>
>>>   keytool -genseckey -keystore /tmp/ks1.jceks -storetype JCEKS -alias mykey
>>>
>>> 2. Start Cayenne with crypto:
>>>
>>>   // this can also be a URL or a String representing URL
>>>   File keyStore = new File("/tmp/ks1.jceks");
>>>
>>>   // obtain this somehow
>>>   char[] keyPassword = ..
>>>
>>>   // "mykey" is the key alias in #1
>>>   Module crypto = new CryptoModuleBuilder()
>>>       .keyStore(keyStore, keyPassword, "mykey").build();
>>>
>>>   // this will enable encryption/decryption for all columns matching
>>>   // ^CRYPTO_ regex
>>>   // those must be either character or binary columns
>>>   ServerRuntime runtime = new ServerRuntime("cayenne-myproject.xml", crypto);
>>>
>>>
>>> So just 3 lines of code give you the encryption. Of course it is fully
>>> customizable. See ‘CryptoModuleBuilder’ for what can be extended. Also the
>>> code is pretty raw, so it may break or may be refactored as we find bugs. I
>>> still need to study the performance and tweak as needed. Also, certain
>>> strategies are not yet available. E.g. we only support block
>>> ciphers in CBC mode (as this is what I am planning to use in my apps). We
>>> will add support for ECB and also streaming ciphers eventually.
>>>
>>> But … everyone is free to give it a try ;)
>>>
>>> Andrus
>>>
>>>
>>
>
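
The keystore step from the quoted messages, as an added example that is not part of the thread or of Cayenne's own code: it builds a JCEKS store holding an AES-256 key with plain JDK APIs and then checks, before the store is handed to `CryptoModuleBuilder`, that the alias really holds an AES key of that size. The class and method names, the temp file and the demo password are constructed for illustration, and it assumes the store and key share one password.

```java
import java.io.*;
import java.security.Key;
import java.security.KeyStore;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeystoreCheck { // hypothetical helper class, JDK APIs only
    // Programmatic counterpart of: keytool -genseckey -storetype JCEKS -keyalg AES -keysize 256
    static void createStore(File file, char[] password, String alias) throws Exception {
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(256);
        SecretKey key = gen.generateKey();
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null); // initialise an empty store
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(key),
                new KeyStore.PasswordProtection(password));
        try (OutputStream out = new FileOutputStream(file)) {
            ks.store(out, password);
        }
    }

    // Fails fast if the alias is missing or does not hold an AES key of the expected size.
    static void requireAesKey(File file, char[] password, String alias, int bits) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, password);
        }
        Key key = ks.getKey(alias, password); // null when the alias has no key entry
        if (key == null) {
            throw new IllegalStateException("No key under alias '" + alias + "'");
        }
        if (!"AES".equals(key.getAlgorithm())) {
            throw new IllegalStateException("Expected AES, found " + key.getAlgorithm());
        }
        byte[] raw = key.getEncoded();
        if (raw == null || raw.length * 8 != bits) {
            throw new IllegalStateException("Unexpected key size for alias '" + alias + "'");
        }
    }

    public static void main(String[] args) throws Exception {
        File file = File.createTempFile("ks-demo", ".jceks"); // constructed sample store
        char[] password = "changeit-demo".toCharArray();      // constructed sample password
        createStore(file, password, "mykey");
        requireAesKey(file, password, "mykey", 256);
        System.out.println("keystore OK: AES-256 key found under alias mykey");
        file.delete();
    }
}
```

Running `requireAesKey` against a store created by `keytool` without `-keyalg AES` reports the algorithm actually stored under the alias.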
