Difference between revisions of "Common-encryption"
(13 intermediate revisions by 2 users not shown)
Line 1: | Line 1: | ||
− | + | [[Category: Developer's Guide]] | |
+ | = Scope = | ||
This library offers an easy way to encrypt and decrypt string objects. | This library offers an easy way to encrypt and decrypt string objects. | ||
− | + | = Design and implementation notes = | |
+ | The "common-encryption" library is a refactoring of the old library named: "common-utils-encryption" but the focus of new library is only the string object. | ||
The library uses a symmetric key based on the [http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf AES] standard algorithm for cryptography. It does expect that such a key is available on the local classpath. Optionally, the key can be programmatically passed to the methods exposed by the Encrypters. | The library uses a symmetric key based on the [http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf AES] standard algorithm for cryptography. It does expect that such a key is available on the local classpath. Optionally, the key can be programmatically passed to the methods exposed by the Encrypters. | ||
+ | If the key is not programmatically passed, the library load a different simmetric key according to the VO scope: | ||
+ | |||
+ | eg. | ||
+ | |||
+ | for scope "/gcube/devsec" load file: "devsec.gcubekey"; | ||
+ | |||
+ | for scope "/gcube" load file: "gcube.gcubekey"; | ||
+ | |||
+ | for scope "/gcube/devsec/devVRE" load file: "devsec.gcubekey" (the VO ). | ||
+ | |||
+ | |||
In addition, the resulting encrypted data are encoded in the BASE 64 schema in order to represent them in the ASCII string format. | In addition, the resulting encrypted data are encoded in the BASE 64 schema in order to represent them in the ASCII string format. | ||
− | The library | + | The library uses only java standard libraries. |
− | It exposes | + | It exposes a main class: |
* <code>StringEncrypter</code> for encrypting/decrypting String objects | * <code>StringEncrypter</code> for encrypting/decrypting String objects | ||
+ | |||
+ | = Usage = | ||
+ | |||
+ | == Maven coordinates == | ||
+ | The maven artifact coordinates are: | ||
+ | <source lang="xml"> | ||
+ | <dependency> | ||
+ | <groupId>org.gcube.core</groupId> | ||
+ | <artifactId>common-encryption</artifactId> | ||
+ | <version>...</version> | ||
+ | </dependency> | ||
+ | </source> | ||
+ | |||
+ | Check on [http://maven.research-infrastructures.eu/nexus/index.html#nexus-search;gav~org.gcube.core~common-encryption Nexus] for the latest version. | ||
+ | |||
+ | == String Encryption == | ||
+ | |||
+ | This and the following sample are taken from the exploitation the resource library does of the encryption library for protecting the AccessData content of the RuntimeResource class. | ||
+ | |||
+ | The following snippet shows how to encrypt a string: | ||
+ | |||
+ | <source lang="java"> | ||
+ | |||
+ | import org.gcube.common.encryption.StringEncrypter; | ||
+ | |||
+ | //... | ||
+ | resource.setAccessData(StringEncrypter.getEncrypter().encrypt("my sensible data")); | ||
+ | |||
+ | </source> | ||
+ | |||
+ | After its serialization, the resource appears as follows: | ||
+ | <source lang="xml"> | ||
+ | <?xml version='1.0' encoding='UTF-8' standalone='yes' ?> | ||
+ | <Resource version="0.4.x"> | ||
+ | <ID>ac41d0d0-4791-11e1-b442-a3a8a4cd06fd</ID> | ||
+ | <Type>RuntimeResource</Type> | ||
+ | <Profile> | ||
+ | <Category>test category</Category> | ||
+ | <Name>resource name</Name> | ||
+ | <Description>a description</Description> | ||
+ | <Platform> | ||
+ | <Name>Test platform</Name> | ||
+ | <Version>1</Version> | ||
+ | <MinorVersion>1</MinorVersion> | ||
+ | </Platform> | ||
+ | <RunTime> | ||
+ | <HostedOn>macos-manuele</HostedOn> | ||
+ | <GHN UniqueID="123456789"/> | ||
+ | <Status>READY</Status> | ||
+ | </RunTime> | ||
+ | <AccessPoint> | ||
+ | <Interface> | ||
+ | <Endpoint EntryName="ap">http://myaccesspoint.eu</Endpoint> | ||
+ | </Interface> | ||
+ | <AccessData>dtvKM4JImPLQvboHwBvKEur1tbvdnKXYB82AICLq5/c=</AccessData> <!-- here's the encrypted data --> | ||
+ | </AccessPoint> | ||
+ | </Profile> | ||
+ | </Resource> | ||
+ | </source> | ||
+ | |||
+ | == String Decryption == | ||
+ | The following snippet shows how to decrypt a string: | ||
+ | |||
+ | <source lang="java"> | ||
+ | |||
+ | import org.gcube.common.encryption.StringEncrypter; | ||
+ | |||
+ | //... | ||
+ | AccessPoint ap = new AccessPoint(); | ||
+ | ap.setAccessData(StringEncrypter.getEncrypter().decrypt(this.load("AccessData"))); | ||
+ | System.out.println("Access data's content: " + ap.getAccessData()); | ||
+ | |||
+ | </source> | ||
+ | |||
+ | This will print the following line: | ||
+ | <source lang="text"> | ||
+ | Access data's content: my sensible data | ||
+ | </source> |
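Review bot: the added "for scope ..." lines give three cases but never state the rule behind them or the failure case. Say explicitly that a VRE scope such as "/gcube/devsec/devVRE" resolves to the key file of its enclosing VO, and document what happens when the expected ".gcubekey" file is not on the classpath. In the same paragraph, "the library load a different simmetric key" should read "loads a different symmetric key". The text also names AES without giving the mode of operation or saying whether an IV is used, which readers need in order to know whether two equal plaintexts produce the same AccessData value.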
Latest revision as of 09:24, 25 July 2013
Scope
This library offers an easy way to encrypt and decrypt string objects.
Design and implementation notes
The "common-encryption" library is a refactoring of the older "common-utils-encryption" library, but the new library focuses only on string objects. The library uses a symmetric key based on the AES standard algorithm for cryptography. It expects such a key to be available on the local classpath. Optionally, the key can be passed programmatically to the methods exposed by the Encrypters.
If the key is not passed programmatically, the library loads a different symmetric key according to the VO scope, e.g.:
for scope "/gcube/devsec" it loads the file "devsec.gcubekey";
for scope "/gcube" it loads the file "gcube.gcubekey";
for scope "/gcube/devsec/devVRE" it loads the file "devsec.gcubekey" (the VO's key).
In addition, the resulting encrypted data is Base64-encoded so that it can be represented as an ASCII string.
The library uses only Java standard libraries.
It exposes a main class:
* <code>StringEncrypter</code> for encrypting/decrypting String objects
Usage
Maven coordinates
The Maven artifact coordinates are:
<source lang="xml">
<dependency>
  <groupId>org.gcube.core</groupId>
  <artifactId>common-encryption</artifactId>
  <version>...</version>
</dependency>
</source>
Check on Nexus for the latest version.
String Encryption
This sample and the following one are taken from the way the resource library uses the encryption library to protect the AccessData content of the RuntimeResource class.
The following snippet shows how to encrypt a string:
<source lang="java">
import org.gcube.common.encryption.StringEncrypter;

//...
resource.setAccessData(StringEncrypter.getEncrypter().encrypt("my sensible data"));
</source>
After its serialization, the resource appears as follows:
<source lang="xml">
<?xml version='1.0' encoding='UTF-8' standalone='yes' ?>
<Resource version="0.4.x">
  <ID>ac41d0d0-4791-11e1-b442-a3a8a4cd06fd</ID>
  <Type>RuntimeResource</Type>
  <Profile>
    <Category>test category</Category>
    <Name>resource name</Name>
    <Description>a description</Description>
    <Platform>
      <Name>Test platform</Name>
      <Version>1</Version>
      <MinorVersion>1</MinorVersion>
    </Platform>
    <RunTime>
      <HostedOn>macos-manuele</HostedOn>
      <GHN UniqueID="123456789"/>
      <Status>READY</Status>
    </RunTime>
    <AccessPoint>
      <Interface>
        <Endpoint EntryName="ap">http://myaccesspoint.eu</Endpoint>
      </Interface>
      <AccessData>dtvKM4JImPLQvboHwBvKEur1tbvdnKXYB82AICLq5/c=</AccessData> <!-- here's the encrypted data -->
    </AccessPoint>
  </Profile>
</Resource>
</source>
String Decryption
The following snippet shows how to decrypt a string:
<source lang="java">
import org.gcube.common.encryption.StringEncrypter;

//...
AccessPoint ap = new AccessPoint();
ap.setAccessData(StringEncrypter.getEncrypter().decrypt(this.load("AccessData")));
System.out.println("Access data's content: " + ap.getAccessData());
</source>
This will print the following line:
Access data's content: my sensible data