cayenne-dev mailing list archives

From Andrus Adamchik <and...@objectstyle.org>
Subject Re: cayenne-crypto
Date Fri, 01 Aug 2014 13:09:48 GMT
Hi John,

Yeah good point. Not using CayenneFilter myself, so I overlooked this configuration. 

Perhaps we start using ServerRuntimeBuilder inside CayenneFilter and expose a method that
can add custom stuff to ServerRuntimeBuilder.

A.

On Jul 17, 2014, at 2:42 PM, John Huss <johnthuss@gmail.com> wrote:

> In cases where CayenneFilter is being used, the ServerRuntime is created
> internally by Cayenne. How do I add in the crypto module?
> 
> Module crypto = new CryptoModuleBuilder().keyStore(keyFile, keyPassword.toCharArray(), alias).build();
> 
> Perhaps CayenneFilter needs to expose a method that can be overridden to
> add modules to the set of modules declared in the web.xml?
> 
> John
> 
> 
> 
> 
> On Tue, Apr 22, 2014 at 5:07 PM, John Huss <johnthuss@gmail.com> wrote:
> 
>> I'm giving this a try.  Looks like you have to specify the AES algorithm
>> when creating the store, so the command is like this:
>> 
>> keytool -genseckey -keystore /tmp/ks1.jceks -storetype JCEKS -keyalg AES -keysize 256 -alias mykey
>> 
>> 
>> On Fri, Apr 4, 2014 at 7:21 AM, Andrus Adamchik <andrus@objectstyle.org>
>> wrote:
>> 
>>> So the crypto module is done and available on trunk. Here is a minimal
>>> configuration that will do AES/CBC encryption:
>>> 
>>> 1. Create a keystore and generate a secret key in it:
>>> 
>>>  keytool -genseckey -keystore /tmp/ks1.jceks -storetype JCEKS -alias mykey
>>> 
>>> 2. Start Cayenne with crypto:
>>> 
>>>  // this can also be a URL or a String representing URL
>>>  File keyStore = new File("/tmp/ks1.jceks");
>>> 
>>>  // obtain this somehow
>>>  char[] keyPassword = ..
>>> 
>>>  // "mykey" is the key alias in #1
>>>  Module crypto = new CryptoModuleBuilder().keyStore(keyStore, keyPassword, "mykey").build();
>>> 
>>>  // this will enable encryption/decryption for all columns matching ^CRYPTO_ regex
>>>  // those must be either character or binary columns
>>>  ServerRuntime runtime = new ServerRuntime("cayenne-myproject.xml", crypto);
>>> 
>>> 
>>> So just 3 lines of code give you the encryption. Of course it is fully
>>> customizable. See ‘CryptoModuleBuilder’ for what can be extended. Also the
>>> code is pretty raw, so it may break or may be refactored as we find bugs. I
>>> still need to study the performance and tweak as needed. Also there are
>>> certain strategies that are not yet available. E.g. we only support block
>>> ciphers in CBC mode (as this is what I am planning to use in my apps). We
>>> will add support for ECB and also streaming ciphers eventually.
>>> 
>>> But … everyone is free to give it a try ;)
>>> 
>>> Andrus
>>> 
>>> 
>> 


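A preflight check for the keystore setup discussed in this thread, added here as an example (not code from the thread or from Cayenne): using only standard JDK APIs, it confirms that the alias in a JCEKS keystore holds an AES secret key and that the key works for AES/CBC. The class name, the demo password and the throwaway keystore built in `main` are constructed for the example; it also assumes the key password equals the store password.

```java
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import java.io.*;
import java.nio.file.*;
import java.security.*;
import java.util.Arrays;

public class KeystorePreflight {
    // Load the secret key stored under the alias and refuse anything that is not AES.
    static SecretKey loadAesKey(Path store, char[] password, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        try (InputStream in = Files.newInputStream(store)) { ks.load(in, password); }
        Key key = ks.getKey(alias, password);
        if (!(key instanceof SecretKey) || !"AES".equals(key.getAlgorithm())) {
            throw new GeneralSecurityException("alias " + alias + " is not an AES secret key");
        }
        return (SecretKey) key;
    }

    // AES/CBC round trip with a fresh random IV; true when decryption returns the input.
    static boolean roundTrips(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] encrypted = c.doFinal(plain);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        return Arrays.equals(plain, c.doFinal(encrypted));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway keystore standing in for /tmp/ks1.jceks.
        char[] password = "constructed-demo-password".toCharArray();
        Path store = Files.createTempFile("ks-demo", ".jceks");
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(256);
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, password);
        ks.setEntry("mykey", new KeyStore.SecretKeyEntry(gen.generateKey()),
                new KeyStore.PasswordProtection(password));
        try (OutputStream out = Files.newOutputStream(store)) { ks.store(out, password); }

        SecretKey key = loadAesKey(store, password, "mykey");
        System.out.println(key.getAlgorithm() + " key, " + key.getEncoded().length * 8
                + " bits, CBC round trip ok: " + roundTrips(key, "constructed sample".getBytes()));
        Files.delete(store);
    }
}
```

To check a keytool-generated store, call `loadAesKey` with its real path, password and alias instead of the temporary one.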