In cases where CayenneFilter is being used, the ServerRuntime is created internally by Cayenne. How do I add in the crypto module?

    Module crypto = new CryptoModuleBuilder().keyStore(keyFile, keyPassword.toCharArray(), alias).build();

Perhaps CayenneFilter needs to expose a method that can be overridden to add modules to the set of modules declared in the web.xml?

John

On Tue, Apr 22, 2014 at 5:07 PM, John Huss <[email protected]> wrote:

> I'm giving this a try. Looks like you have to specify the AES algorithm
> when creating the store, so the command is like this:
>
> keytool -genseckey -keystore /tmp/ks1.jceks -storetype JCEKS *-keyalg AES -keysize 256* -alias mykey
>
>
> On Fri, Apr 4, 2014 at 7:21 AM, Andrus Adamchik <[email protected]> wrote:
>
>> So the crypto module is done and available on trunk. Here is a minimal
>> configuration that will do AES/CBC encryption:
>>
>> 1. Create a keystore and generate a secret key in it:
>>
>> keytool -genseckey -keystore /tmp/ks1.jceks -storetype JCEKS -alias mykey
>>
>> 2. Start Cayenne with crypto:
>>
>> // this can also be a URL or a String representing URL
>> File keyStore = new File("/tmp/ks1.jceks");
>>
>> // obtain this somehow
>> char[] keyPassword = ..
>>
>> // "mykey" is the key alias in #1
>> Module crypto = new CryptoModuleBuilder().keyStore(keyStore, keyPassword, "mykey").build();
>>
>> // this will enable encryption/decryption for all columns matching ^CRYPTO_ regex
>> // those must be either character or binary columns
>> ServerRuntime runtime = new ServerRuntime("cayenne-myproject.xml", crypto);
>>
>>
>> So just 3 lines of code give you the encryption. Of course it is fully
>> customizable. See ‘CryptoModuleBuilder’ for what can be extended. Also the
>> code is pretty raw, so it may break or may be refactored as we find bugs. I
>> still need to study the performance and tweak as needed. Also, certain
>> strategies are not yet available. E.g. we only support block
>> ciphers in CBC mode (as this is what I am planning to use in my apps). We
>> will add support for ECB and also streaming ciphers eventually.
>>
>> But … everyone is free to give it a try ;)
>>
>> Andrus
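
Added example, not part of the thread and not Cayenne code: a standalone, JDK-only check that the key stored under the alias really is an AES secret key, as the amended keytool command requires, and that it works for an AES/CBC round trip with a random IV. The class name KeyStoreCheck and the PKCS5Padding choice are assumptions, and the key password is assumed to be the same as the keystore password.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;

public class KeyStoreCheck {   // hypothetical class name

    // Loads the entry stored under `alias` and fails unless it is an AES secret key.
    static SecretKey loadAesKey(String path, char[] password, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        Key key = ks.getKey(alias, password);   // null when the alias does not exist
        if (!(key instanceof SecretKey) || !"AES".equals(key.getAlgorithm())) {
            throw new IllegalStateException("alias '" + alias + "' is not an AES secret key");
        }
        return (SecretKey) key;
    }

    // AES/CBC round trip with a fresh random IV; true if the plaintext comes back intact.
    static boolean roundTrip(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[16];                // AES block size
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        return Arrays.equals(plain, c.doFinal(ct));
    }

    // usage: java KeyStoreCheck /tmp/ks1.jceks mykey
    public static void main(String[] args) throws Exception {
        if (System.console() == null) throw new IllegalStateException("run from an interactive terminal");
        char[] password = System.console().readPassword("Keystore password: ");
        SecretKey key = loadAesKey(args[0], password, args[1]);
        System.out.println(key.getAlgorithm() + ", " + key.getEncoded().length * 8 + " bits");
        byte[] sample = "constructed sample value".getBytes(StandardCharsets.UTF_8);
        System.out.println("CBC round trip ok: " + roundTrip(key, sample));
        Arrays.fill(password, '\0');             // do not leave the password in memory
    }
}
```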
