So the crypto module is done and available on trunk. Here is a minimal
configuration that will do AES/CBC encryption:
1. Create a keystore and generate a secret key in it:
keytool -genseckey -keystore /tmp/ks1.jceks -storetype JCEKS -alias mykey
2. Start Cayenne with crypto:
// this can also be a URL or a String representing URL
File keyStore = new File("/tmp/ks1.jceks”);
// obtain this somehow
char[] keyPassword = ..
// “mykey” is the key alias in #1
Module crypto = new CryptoModuleBuilder().keyStore(keyStore, keyPassword,
“mykey").build();
// this will enable encryption/decryption for all columns matching ^CRYPTO_
regex
// those must be either character or binary columns
ServerRuntime runtime = new ServerRuntime(“cayenne-myproject.xml", crypto);
So just 3 lines of code give you the encryption. Of course it is fully
customizable. See ‘CryptoModuleBuilder’ for what can be extended. Also the code
is pretty raw, so it may break or may be refactored as we find bugs. I still
need to study the performance and tweak as needed. Also there are certain
strategies are not yet available. E.g. we only support block ciphers in CBC
mode (as this is what I am planning to use in my apps). We will add support for
ECB and also streaming ciphers eventually.
But … everyone is free to give it a try ;)
Andrus
