I'm giving this a try. Looks like you have to specify the AES algorithm when creating the store, so the command is like this:
keytool -genseckey -keystore /tmp/ks1.jceks -storetype JCEKS *-keyalg AES -keysize 256* -alias mykey On Fri, Apr 4, 2014 at 7:21 AM, Andrus Adamchik <and...@objectstyle.org>wrote: > So the crypto module is done and available on trunk. Here is a minimal > configuration that will do AES/CBC encryption: > > 1. Create a keystore and generate a secret key in it: > > keytool -genseckey -keystore /tmp/ks1.jceks -storetype JCEKS -alias mykey > > 2. Start Cayenne with crypto: > > // this can also be a URL or a String representing URL > File keyStore = new File("/tmp/ks1.jceks”); > > // obtain this somehow > char[] keyPassword = .. > > // “mykey” is the key alias in #1 > Module crypto = new CryptoModuleBuilder().keyStore(keyStore, > keyPassword, “mykey").build(); > > // this will enable encryption/decryption for all columns matching > ^CRYPTO_ regex > // those must be either character or binary columns > ServerRuntime runtime = new ServerRuntime(“cayenne-myproject.xml", > crypto); > > > So just 3 lines of code give you the encryption. Of course it is fully > customizable. See ‘CryptoModuleBuilder’ for what can be extended. Also the > code is pretty raw, so it may break or may be refactored as we find bugs. I > still need to study the performance and tweak as needed. Also there are > certain strategies are not yet available. E.g. we only support block > ciphers in CBC mode (as this is what I am planning to use in my apps). We > will add support for ECB and also streaming ciphers eventually. > > But … everyone is free to give it a try ;) > > Andrus > >