JGroups Protocol ENCRYPT: Difference between revisions

From NovaOrdis Knowledge Base
Line 25: Line 25:
<pre>
<pre>
<ENCRYPT  
<ENCRYPT  
      key_store_name="defaultStore.keystore"
          key_store_name="defaultStore.keystore"
      store_password="some_password"
          store_password="some_password"
      alias="the_secret_key_alias_in_store"/>
          alias="the_secret_key_alias_in_store"/>
</pre>
</pre>
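Review bot: `store_password="some_password"` appears in clear text in the stack configuration on both sides of this revision, and the page neither marks the value as a placeholder nor says how the file should be protected. Add a sentence stating that anyone who can read this configuration has the password for `defaultStore.keystore`, so the configuration file and the keystore both need restricted read permissions. The revision itself only re-indents the three attribute lines from 6 to 10 spaces, which needs no further change.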



Revision as of 23:53, 3 June 2016

External

Internal

Overview

The ENCRYPT protocol encrypts messages in transit between JGroups nodes that belong to the same group. Clear-text message body data coming down the JGroups stack on the sending node enters the ENCRYPT layer, is encrypted, and travels in encrypted form to all peers in the group, which makes it opaque to anyone monitoring low-level network traffic. On the receiving node, the data travels up the JGroups stack until it reaches the ENCRYPT layer, where it is decrypted into clear text and passed further up the stack.

Encryption Modes

The modes are mutually exclusive: all JGroups members in the group must be configured the same way.

Shared Keystore Encryption

Shared keystore encryption encrypts all events of type MSG that have a non-null message buffer. The protocol can be inserted at any position in the stack, and it does not depend on a coordinator to generate and distribute the key. This mode uses symmetric encryption with a secret key that is stored in a keystore.

The configuration is similar to:

<ENCRYPT 
          key_store_name="defaultStore.keystore"
          store_password="some_password"
          alias="the_secret_key_alias_in_store"/>
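
The following is an added example, not code from the original page or from the JGroups project. It shows what the shared-keystore mode relies on: one secret key stored under an alias in a password-protected keystore, which every member loads and uses for symmetric encryption and decryption. The class name `SharedKeystoreDemo`, the JCEKS store type, the 128-bit AES key, the AES-GCM transformation and the temporary file are assumptions of this example.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;

public class SharedKeystoreDemo {
    static final String ALIAS = "the_secret_key_alias_in_store";        // constructed sample value
    static final char[] STORE_PASSWORD = "some_password".toCharArray(); // constructed sample value

    // Done once by the operator: create a JCEKS store holding one AES key under ALIAS.
    static void createStore(Path file) throws Exception {
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(128);
        KeyStore ks = KeyStore.getInstance("JCEKS"); // the JKS type cannot hold secret keys
        ks.load(null, null);                          // start from an empty store
        ks.setEntry(ALIAS, new KeyStore.SecretKeyEntry(gen.generateKey()),
                new KeyStore.PasswordProtection(STORE_PASSWORD));
        try (OutputStream out = Files.newOutputStream(file)) { ks.store(out, STORE_PASSWORD); }
    }

    // Done by every member at startup: open its copy of the store and fetch the shared key.
    static SecretKey loadKey(Path file) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        try (InputStream in = Files.newInputStream(file)) { ks.load(in, STORE_PASSWORD); }
        if (!ks.isKeyEntry(ALIAS)) throw new IllegalStateException("no key entry: " + ALIAS);
        return (SecretKey) ks.getKey(ALIAS, STORE_PASSWORD);
    }

    // AES-GCM is this example's choice of transformation, not a documented JGroups default.
    static byte[] crypt(int mode, SecretKey key, byte[] iv, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, iv));
        return c.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        Path store = Files.createTempFile("defaultStore", ".keystore");
        try {
            createStore(store);
            byte[] iv = new byte[12];
            new SecureRandom().nextBytes(iv); // fresh IV for each message
            byte[] clear = "message buffer".getBytes(StandardCharsets.UTF_8);
            byte[] wire = crypt(Cipher.ENCRYPT_MODE, loadKey(store), iv, clear); // sending node
            byte[] back = crypt(Cipher.DECRYPT_MODE, loadKey(store), iv, wire);  // receiving node
            System.out.println("decrypted: " + new String(back, StandardCharsets.UTF_8));
        } finally { Files.deleteIfExists(store); }
    }
}
```

A member whose keystore lacks the alias fails at `loadKey`, and a member holding a different key fails authentication in `doFinal` during decryption.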

Dynamic Key Generation

TODO