public class SYM_ENCRYPT extends Encrypt<KeyStore.SecretKeyEntry>
The secret key is identical for all cluster members and is injected into this protocol at startup, e.g. by reading it from a keystore. Messages are sent by encrypting them with the secret key and received by decrypting them with the secret key. Note that all cluster members must be shipped with the same keystore file.
This protocol is typically placed under NAKACK2, so that the most important headers are encrypted as well, to prevent replay attacks.
A possible configuration looks like this:
<SYM_ENCRYPT key_store_name="defaultStore.keystore" store_password="changeit" alias="myKey"/>
In order to use the SYM_ENCRYPT layer in this manner, it is necessary to have the secret key already generated in a keystore file. The directory containing the keystore file must be on the application's classpath. You cannot create a secret key keystore file using the keytool application shipped with the JDK. A Java class called KeyStoreGenerator is included in the demo package that can be used from the command line (or an IDE) to generate a suitable keystore.
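The following is an added example (not the page's KeyStoreGenerator and not JGroups code) of what such a keystore contains: it writes one AES secret key under an alias into a JCEKS keystore and reads it back as the KeyStore.SecretKeyEntry that setKeyStoreEntry(...) expects. File name, alias and passwords are placeholders taken from the sample configuration above.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class SecretKeyStoreExample {

    // JCEKS (or PKCS12) is needed: the default JKS type cannot hold SecretKeyEntry objects,
    // which is why keytool's usual JKS workflow does not produce a usable store here.
    static final String STORE_TYPE = "JCEKS";

    // Generate a 128-bit AES key and store it under 'alias', protected by keyPwd.
    public static void writeKeyStore(String file, String alias,
                                     char[] storePwd, char[] keyPwd) throws Exception {
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(128);
        SecretKey key = gen.generateKey();

        KeyStore ks = KeyStore.getInstance(STORE_TYPE);
        ks.load(null, null); // start from an empty store
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(key),
                    new KeyStore.PasswordProtection(keyPwd));
        try (OutputStream out = new FileOutputStream(file)) {
            ks.store(out, storePwd);
        }
    }

    // Load the store and return the entry, failing loudly if the alias is not a secret key.
    public static KeyStore.SecretKeyEntry readEntry(String file, String alias,
                                                    char[] storePwd, char[] keyPwd) throws Exception {
        KeyStore ks = KeyStore.getInstance(STORE_TYPE);
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, storePwd); // also verifies the store's integrity MAC
        }
        KeyStore.Entry e = ks.getEntry(alias, new KeyStore.PasswordProtection(keyPwd));
        if (!(e instanceof KeyStore.SecretKeyEntry))
            throw new IllegalStateException("alias " + alias + " is not a secret key entry");
        return (KeyStore.SecretKeyEntry) e;
    }

    public static void main(String[] args) throws Exception {
        char[] pwd = "changeit".toCharArray(); // placeholder from the sample config, not for production
        writeKeyStore("defaultStore.keystore", "myKey", pwd, pwd);
        KeyStore.SecretKeyEntry entry = readEntry("defaultStore.keystore", "myKey", pwd, pwd);
        System.out.println(entry.getSecretKey().getAlgorithm() + " key loaded for alias myKey");
        // The entry can be passed to SYM_ENCRYPT.setKeyStoreEntry(entry) instead of using key_store_name.
    }
}
```

The same keystore file must then be copied to every cluster member and placed on the classpath, since the key is looked up by alias rather than exchanged over the wire.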
Nested classes inherited from class Encrypt: Encrypt.Decrypter

| Modifier and Type | Field and Description |
|---|---|
| protected String | alias |
| protected String | key_password |
| protected String | keystore_name |
| protected String | keystore_type |
| protected String | store_password |
Fields inherited from class Encrypt: asym_algorithm, asym_keylength, cipher_pool_size, decoding_ciphers, DEFAULT_SYM_ALGO, encoding_ciphers, encrypt_entire_message, key_map, key_map_max_size, local_addr, provider, secret_key, sign_msgs, sym_algorithm, sym_keylength, sym_version, use_adler, view
Fields inherited from class Protocol: after_creation_hook, down_prot, ergonomics, id, log, stack, stats, up_prot
| Constructor and Description |
|---|
| SYM_ENCRYPT() |

| Modifier and Type | Method and Description |
|---|---|
| String | alias() |
| SYM_ENCRYPT | alias(String a) |
| protected InputStream | getKeyStoreSource() |
| void | init() Called after instance has been created (null constructor) and before protocol is started. |
| String | keystoreName() |
| SYM_ENCRYPT | keystoreName(String n) |
| protected void | readSecretKeyFromKeystore() Initialisation if a supplied key is defined in the properties. |
| void | setKeyStoreEntry(KeyStore.SecretKeyEntry entry) Sets the key store entry used to configure this protocol. |
| void | setSecretKey(SecretKey key) |
| String | storePassword() |
| SYM_ENCRYPT | storePassword(String pwd) |
Methods inherited from class Encrypt: _decrypt, adler, adler, asymAlgorithm, asymAlgorithm, asymKeylength, asymKeylength, code, computeChecksum, createChecksummer, createCipher, decryptChecksum, decryptMessage, down, down, encryptAndSend, encryptChecksum, encryptEntireMessage, encryptEntireMessage, getAlgorithm, handleEncryptedMessage, handleUnknownVersion, handleUpEvent, handleUpMessage, handleView, initSymCiphers, inView, localAddress, process, secretKey, signMessages, signMessages, symAlgorithm, symAlgorithm, symKeylength, symKeylength, symVersion, up, up, up, version
Methods inherited from class Protocol: accept, afterCreationHook, destroy, enableStats, getConfigurableObjects, getDownProtocol, getDownServices, getId, getIdsAbove, getLevel, getLog, getName, getProtocolStack, getSocketFactory, getThreadFactory, getTransport, getUpProtocol, getUpServices, getValue, isErgonomics, level, parse, providedDownServices, providedUpServices, requiredDownServices, requiredUpServices, resetStatistics, resetStats, setDownProtocol, setErgonomics, setId, setLevel, setProperties, setProtocolStack, setSocketFactory, setUpProtocol, setValue, start, statsEnabled, stop
protected String keystore_name
protected String keystore_type
protected String store_password
protected String key_password
protected String alias
public String keystoreName()
public SYM_ENCRYPT keystoreName(String n)
public String alias()
public SYM_ENCRYPT alias(String a)
public String storePassword()
public SYM_ENCRYPT storePassword(String pwd)
public void setKeyStoreEntry(KeyStore.SecretKeyEntry entry)
Description copied from class: Encrypt
Overrides: setKeyStoreEntry in class Encrypt<KeyStore.SecretKeyEntry>
Parameters: entry - a key store entry

public void setSecretKey(SecretKey key)

public void init() throws Exception
Description copied from class: Protocol
Overrides: init in class Encrypt<KeyStore.SecretKeyEntry>
Throws: Exception - Thrown if protocol cannot be initialized successfully. This will cause the ProtocolStack to fail, so the channel constructor will throw an exception

protected void readSecretKeyFromKeystore() throws Exception
Throws: Exception

protected InputStream getKeyStoreSource() throws FileNotFoundException
Throws: FileNotFoundException
Copyright © 2018 JBoss, a division of Red Hat. All rights reserved.