JGroups Protocol ENCRYPT: Difference between revisions
Revision as of 23:53, 3 June 2016
External
- http://www.jgroups.org/manual/index.html#Security
- https://github.com/belaban/JGroups/blob/master/doc/ENCRYPT.html
Internal
Overview
The ENCRYPT protocol has the role of encrypting messages in transit between JGroups nodes that belong to the same group. Message body data in clear coming down the JGroups stack on the sending node enters the ENCRYPT layer, gets encrypted, and travels in encrypted form to all peers in the JGroups group, thus becoming opaque to whoever monitors the low-level traffic on the network. Once inside the receiving node's JGroups stack, the data is sent up the stack until it reaches the ENCRYPT layer, where it is decrypted and turned into clear text, which is then sent up the stack.
Encryption Modes
The modes are mutually exclusive; all JGroups members in the group must be configured the same way.
The shared keystore encryption encrypts all events of type MSG that have a non-null message buffer. The protocol can be inserted at any position in the stack, and it does not depend on a coordinator to generate and distribute the key. It uses symmetric encryption with a secret key that is stored in a keystore.
The configuration is similar to:
<ENCRYPT
    key_store_name="defaultStore.keystore"
    store_password="some_password"
    alias="the_secret_key_alias_in_store"/>
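The following is an added example, not JGroups code, showing what the three attributes above refer to: it creates a keystore file under the given name and store password, puts a symmetric key under the given alias, loads the key back the way a configured node would, and shows that a peer holding the same key can decrypt a message buffer while a node with a different key cannot. The keystore type (JCEKS), the cipher (AES-GCM), the assumption that the key entry's password equals the store password, and all class and method names are this example's own choices, not something the page or the JGroups configuration specifies.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Constructed example (not JGroups code): build the keystore the ENCRYPT fragment
// points at, load the key by alias as a node would, and show that only peers
// holding the same key can read a message buffer.
public class SharedKeystoreDemo {

    // Taken from the ENCRYPT configuration fragment
    static final String STORE_NAME = "defaultStore.keystore";
    static final char[] STORE_PASSWORD = "some_password".toCharArray();
    static final String ALIAS = "the_secret_key_alias_in_store";

    static final int GCM_IV_BYTES = 12;
    static final int GCM_TAG_BITS = 128;

    // Generate a fresh 128-bit AES key and store it under ALIAS.
    // JCEKS is assumed here because it is a keystore type that can hold SecretKey entries.
    static void createStore() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();

        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null); // start from an empty in-memory store
        ks.setEntry(ALIAS, new KeyStore.SecretKeyEntry(key),
                new KeyStore.PasswordProtection(STORE_PASSWORD));
        try (FileOutputStream out = new FileOutputStream(STORE_NAME)) {
            ks.store(out, STORE_PASSWORD);
        }
    }

    // Load the key the way a configured node would: store name, store password, alias.
    // Assumption: the entry password equals the store password.
    static SecretKey loadKey() throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        try (FileInputStream in = new FileInputStream(STORE_NAME)) {
            ks.load(in, STORE_PASSWORD);
        }
        SecretKey key = (SecretKey) ks.getKey(ALIAS, STORE_PASSWORD);
        if (key == null) {
            throw new IllegalStateException("no secret key under alias " + ALIAS);
        }
        return key;
    }

    // Encrypt a message buffer; the random IV is prepended so the receiver can recover it.
    // AES-GCM is this example's cipher choice, not necessarily what a given JGroups release uses.
    static byte[] encrypt(SecretKey key, byte[] clear) throws GeneralSecurityException {
        byte[] iv = new byte[GCM_IV_BYTES];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        byte[] body = c.doFinal(clear);
        byte[] out = new byte[iv.length + body.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(body, 0, out, iv.length, body.length);
        return out;
    }

    // Decrypt; throws if the key differs or the bytes were altered (GCM tag check fails).
    static byte[] decrypt(SecretKey key, byte[] wire) throws GeneralSecurityException {
        byte[] iv = Arrays.copyOfRange(wire, 0, GCM_IV_BYTES);
        byte[] body = Arrays.copyOfRange(wire, GCM_IV_BYTES, wire.length);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        return c.doFinal(body);
    }

    public static void main(String[] args) throws Exception {
        createStore();

        // Two members of the same group, each reading the shared keystore file
        SecretKey senderKey = loadKey();
        SecretKey receiverKey = loadKey();

        byte[] clear = "constructed message buffer".getBytes(StandardCharsets.UTF_8);
        byte[] wire = encrypt(senderKey, clear); // what an observer on the network sees
        byte[] back = decrypt(receiverKey, wire);
        System.out.println("peer with shared key decrypted: " + new String(back, StandardCharsets.UTF_8));

        // A node configured with a different key cannot read the traffic
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey otherKey = kg.generateKey();
        try {
            decrypt(otherKey, wire);
            System.out.println("unexpected: decrypted with a different key");
        } catch (GeneralSecurityException e) {
            System.out.println("node without the shared key rejected the message: " + e.getClass().getSimpleName());
        }
    }
}
```

Two practical points follow from this: every member must be started with a keystore holding the same key under the same alias, so the file has to be distributed to each node out of band, and because the store password appears in clear in the protocol configuration, both the configuration file and the keystore file need file-system permissions that limit them to the JGroups process owner.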
Dynamic Key Generation
TODO