Difference between revisions of "Common-encryption"

From Gcube Wiki
Jump to: navigation, search
(Design and implementation notes)
m
 
(8 intermediate revisions by 2 users not shown)
Line 1: Line 1:
=== Scope ===
+
[[Category: Developer's Guide]]
 +
= Scope =
 
This library offers an easy way to encrypt and decrypt string objects.
 
This library offers an easy way to encrypt and decrypt string objects.
  
=== Design and implementation notes ===
+
= Design and implementation notes =
 +
The "common-encryption" library is a refactoring of the old library named: "common-utils-encryption" but the focus of new library is only the string object.
 
The library uses a symmetric key based on the [http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf AES] standard algorithm for cryptography. It does expect that such a key is available on the local classpath. Optionally, the key can be programmatically passed to the methods exposed by the Encrypters.
 
The library uses a symmetric key based on the [http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf AES] standard algorithm for cryptography. It does expect that such a key is available on the local classpath. Optionally, the key can be programmatically passed to the methods exposed by the Encrypters.
  
 +
If the key is not programmatically passed, the library load a different simmetric key according to the VO scope:
 +
 +
eg.
 +
 +
for scope "/gcube/devsec" load file: "devsec.gcubekey";
 +
 +
for scope "/gcube" load file: "gcube.gcubekey";
 +
 +
for scope "/gcube/devsec/devVRE" load file: "devsec.gcubekey" (the VO ).
 +
 +
 
In addition, the resulting encrypted data are encoded in the BASE 64 schema in order to represent them in the ASCII string format.
 
In addition, the resulting encrypted data are encoded in the BASE 64 schema in order to represent them in the ASCII string format.
  
Line 12: Line 25:
 
* <code>StringEncrypter</code> for encrypting/decrypting String objects
 
* <code>StringEncrypter</code> for encrypting/decrypting String objects
  
 +
= Usage =
 +
 +
== Maven coordinates ==
 +
The maven artifact coordinates are:
 +
<source lang="xml">
 +
<dependency>
 +
  <groupId>org.gcube.core</groupId>
 +
  <artifactId>common-encryption</artifactId>
 +
  <version>...</version>
 +
</dependency>
 +
</source>
  
=== Sample Usage ===
+
Check on [http://maven.research-infrastructures.eu/nexus/index.html#nexus-search;gav~org.gcube.core~common-encryption Nexus] for the latest version.
  
==== String Encryption ====
+
== String Encryption ==
  
 
This and the following sample are taken from the exploitation the resource library does of the encryption library for protecting the AccessData content of the RuntimeResource class.
 
This and the following sample are taken from the exploitation the resource library does of the encryption library for protecting the AccessData content of the RuntimeResource class.
Line 23: Line 47:
 
<source lang="java">
 
<source lang="java">
  
import org.gcube.common.utils.encryption.StringEncrypter;
+
import org.gcube.common.encryption.StringEncrypter;
  
 
//...
 
//...
Line 60: Line 84:
 
</source>
 
</source>
  
==== String Decryption ====
+
== String Decryption ==
 
The following snippet shows how to decrypt a string:
 
The following snippet shows how to decrypt a string:
  
 
<source lang="java">
 
<source lang="java">
  
import org.gcube.common.utils.encryption.StringEncrypter;
+
import org.gcube.common.encryption.StringEncrypter;
  
 
//...
 
//...

Latest revision as of 09:24, 25 July 2013

Scope

This library offers an easy way to encrypt and decrypt string objects.

Design and implementation notes

The "common-encryption" library is a refactoring of the old library named: "common-utils-encryption" but the focus of new library is only the string object. The library uses a symmetric key based on the AES standard algorithm for cryptography. It does expect that such a key is available on the local classpath. Optionally, the key can be programmatically passed to the methods exposed by the Encrypters.

If the key is not programmatically passed, the library load a different simmetric key according to the VO scope:

eg.

for scope "/gcube/devsec" load file: "devsec.gcubekey";

for scope "/gcube" load file: "gcube.gcubekey";

for scope "/gcube/devsec/devVRE" load file: "devsec.gcubekey" (the VO ).


In addition, the resulting encrypted data are encoded in the BASE 64 schema in order to represent them in the ASCII string format.

The library uses only java standard libraries.

It exposes a main class:

  • StringEncrypter for encrypting/decrypting String objects

Usage

Maven coordinates

The maven artifact coordinates are:

<dependency>
  <groupId>org.gcube.core</groupId>
  <artifactId>common-encryption</artifactId>
  <version>...</version>
</dependency>

Check on Nexus for the latest version.

String Encryption

This and the following sample are taken from the exploitation the resource library does of the encryption library for protecting the AccessData content of the RuntimeResource class.

The following snippet shows how to encrypt a string:

import org.gcube.common.encryption.StringEncrypter;
 
//...
resource.setAccessData(StringEncrypter.getEncrypter().encrypt("my sensible data"));

After its serialization, the resource appears as follows:

<?xml version='1.0' encoding='UTF-8' standalone='yes' ?>
<Resource version="0.4.x">
	<ID>ac41d0d0-4791-11e1-b442-a3a8a4cd06fd</ID>
	<Type>RuntimeResource</Type>
	<Profile>
		<Category>test category</Category>
		<Name>resource name</Name>
		<Description>a description</Description>
		<Platform>
			<Name>Test platform</Name>
			<Version>1</Version>
			<MinorVersion>1</MinorVersion>
		</Platform>
		<RunTime>
			<HostedOn>macos-manuele</HostedOn>
			<GHN UniqueID="123456789"/>
			<Status>READY</Status>
		</RunTime>
		<AccessPoint>
			<Interface>
				<Endpoint EntryName="ap">http://myaccesspoint.eu</Endpoint>
			</Interface>
			<AccessData>dtvKM4JImPLQvboHwBvKEur1tbvdnKXYB82AICLq5/c=</AccessData> <!-- here's the encrypted data -->
		</AccessPoint>
	</Profile>
</Resource>

String Decryption

The following snippet shows how to decrypt a string:

import org.gcube.common.encryption.StringEncrypter;
 
//...
AccessPoint ap = new AccessPoint();
ap.setAccessData(StringEncrypter.getEncrypter().decrypt(this.load("AccessData")));
System.out.println("Access data's content: " + ap.getAccessData());

This will print the following line:

Access data's content: my sensible data