I'm giving this a try. Looks like you have to specify the AES algorithm
when creating the store, so the command is like this:
keytool -genseckey -keystore /tmp/ks1.jceks -storetype JCEKS *-keyalg AES
-keysize 256* -alias mykey
On Fri, Apr 4, 2014 at 7:21 AM, Andrus Adamchik <and...@objectstyle.org>wrote:
> So the crypto module is done and available on trunk. Here is a minimal
> configuration that will do AES/CBC encryption:
>
> 1. Create a keystore and generate a secret key in it:
>
> keytool -genseckey -keystore /tmp/ks1.jceks -storetype JCEKS -alias mykey
>
> 2. Start Cayenne with crypto:
>
> // this can also be a URL or a String representing URL
> File keyStore = new File("/tmp/ks1.jceks”);
>
> // obtain this somehow
> char[] keyPassword = ..
>
> // “mykey” is the key alias in #1
> Module crypto = new CryptoModuleBuilder().keyStore(keyStore,
> keyPassword, “mykey").build();
>
> // this will enable encryption/decryption for all columns matching
> ^CRYPTO_ regex
> // those must be either character or binary columns
> ServerRuntime runtime = new ServerRuntime(“cayenne-myproject.xml",
> crypto);
>
>
> So just 3 lines of code give you the encryption. Of course it is fully
> customizable. See ‘CryptoModuleBuilder’ for what can be extended. Also the
> code is pretty raw, so it may break or may be refactored as we find bugs. I
> still need to study the performance and tweak as needed. Also there are
> certain strategies are not yet available. E.g. we only support block
> ciphers in CBC mode (as this is what I am planning to use in my apps). We
> will add support for ECB and also streaming ciphers eventually.
>
> But … everyone is free to give it a try ;)
>
> Andrus
>
>
