Also, I'm getting a ClassCastException when using a VARBINARY column in MySQL 5.6.x mapped to a String. The value is String in the Map and when it casts it to a byte[] in BytesToBytesConverter.toBytes() it blows up. I'm not sure why it is a String since the column is binary, but it is.
On Thu, Jul 17, 2014 at 1:42 PM, John Huss <[email protected]> wrote:

> In cases where CayenneFilter is being used, the ServerRuntime is created
> internally by Cayenne. How do I add in the crypto module?
>
> Module crypto = new CryptoModuleBuilder().keyStore(keyFile, keyPassword.toCharArray(), alias).build();
>
> Perhaps CayenneFilter needs to expose a method that can be overridden to
> add modules to the set of modules declared in the web.xml?
>
> John
>
> On Tue, Apr 22, 2014 at 5:07 PM, John Huss <[email protected]> wrote:
>
>> I'm giving this a try. Looks like you have to specify the AES algorithm
>> when creating the store, so the command is like this:
>>
>> keytool -genseckey -keystore /tmp/ks1.jceks -storetype JCEKS *-keyalg AES -keysize 256* -alias mykey
>>
>> On Fri, Apr 4, 2014 at 7:21 AM, Andrus Adamchik <[email protected]> wrote:
>>
>>> So the crypto module is done and available on trunk. Here is a minimal
>>> configuration that will do AES/CBC encryption:
>>>
>>> 1. Create a keystore and generate a secret key in it:
>>>
>>> keytool -genseckey -keystore /tmp/ks1.jceks -storetype JCEKS -alias mykey
>>>
>>> 2. Start Cayenne with crypto:
>>>
>>> // this can also be a URL or a String representing URL
>>> File keyStore = new File("/tmp/ks1.jceks");
>>>
>>> // obtain this somehow
>>> char[] keyPassword = ..
>>>
>>> // "mykey" is the key alias in #1
>>> Module crypto = new CryptoModuleBuilder().keyStore(keyStore, keyPassword, "mykey").build();
>>>
>>> // this will enable encryption/decryption for all columns matching ^CRYPTO_ regex
>>> // those must be either character or binary columns
>>> ServerRuntime runtime = new ServerRuntime("cayenne-myproject.xml", crypto);
>>>
>>> So just 3 lines of code give you the encryption. Of course it is fully
>>> customizable. See ‘CryptoModuleBuilder’ for what can be extended. Also the
>>> code is pretty raw, so it may break or may be refactored as we find bugs. I
>>> still need to study the performance and tweak as needed. Also there are
>>> certain strategies that are not yet available. E.g. we only support block
>>> ciphers in CBC mode (as this is what I am planning to use in my apps). We
>>> will add support for ECB and also streaming ciphers eventually.
>>>
>>> But … everyone is free to give it a try ;)
>>>
>>> Andrus
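Added example, not part of the thread and not Cayenne's own code: a stand-alone check that the entry stored under the alias really is a 256-bit AES key before it is handed to CryptoModuleBuilder, followed by a plain JCE AES/CBC round trip. The class name KeystoreCheck, the helper loadAesKey, the in-memory keystore and the sample password are assumptions made for illustration; how Cayenne itself stores or derives the IV is not covered here.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;

public class KeystoreCheck {
    // Hypothetical helper: load a secret key by alias, reject anything that is not AES-256.
    static Key loadAesKey(byte[] jceks, char[] password, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(jceks), password);
        Key key = ks.getKey(alias, password);
        if (key == null) throw new IllegalStateException("no key under alias " + alias);
        if (!"AES".equals(key.getAlgorithm()) || key.getEncoded().length != 32)
            throw new IllegalStateException("expected AES-256, found " + key.getAlgorithm());
        return key;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed-sample-password".toCharArray(); // constructed value
        // In-memory stand-in for the keytool command with -keyalg AES -keysize 256 -alias mykey
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(256);
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null); // start from an empty keystore
        ks.setEntry("mykey", new KeyStore.SecretKeyEntry(gen.generateKey()),
                new KeyStore.PasswordProtection(password));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);

        Key key = loadAesKey(out.toByteArray(), password, "mykey");

        // AES/CBC round trip with a fresh random IV for this value
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/CBC/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] plain = "constructed sample value".getBytes(StandardCharsets.UTF_8);
        byte[] cipherText = enc.doFinal(plain);

        Cipher dec = Cipher.getInstance("AES/CBC/PKCS5Padding");
        dec.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        if (!Arrays.equals(plain, dec.doFinal(cipherText))) throw new AssertionError("round trip failed");
        System.out.println("key ok: " + key.getAlgorithm() + ", " + key.getEncoded().length * 8 + " bits");
    }
}
```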
