Logo Search packages:      
Sourcecode: libjgroups-java version File versions

org::jgroups::protocols::ENCRYPT Class Reference

Inheritance diagram for org::jgroups::protocols::ENCRYPT:

org::jgroups::stack::Protocol

List of all members.


Detailed Description

ENCRYPT layer. Encrypt and decrypt the group communication in JGroups

The file can be used in two ways:

Each message is identified as encrypted with a specific encryption header which identifies the type of encrypt header and an MD5 digest that identifies the version of the key being used to encrypt/decrypt the messages.

Option 1


This is the simplest option and can be used by simply inserting the Encryption layer at any point in the JGroup stack - it will encrypt all Events of a type MSG that have a non-null message buffer. The format of the entry in this form is:
<ENCRYPT key_store_name="defaultStore.keystore" store_password="changeit" alias="myKey"/>
An example bare-bones.xml file showing the keystore version can be found in the conf ina file called EncryptKeyStore.xml - along with a defaultStore.keystore file.
In order to use the Encrypt layer in this manner it is necessary to have the secretKey already generated in a keystore file. The directory containing the keystore file must be on the application's classpath. You cannot create a SecretKey keystore file using the keytool application shipped with the JDK. A java file called KeyStoreGenerator is included in the demo package that can be used from the command line (or IDE) to generate a suitable keystore.

Option 2


This option is suited to an application that does not ship with a known key but instead it is generated and distributed by the controller. The secret key is first generated by the Controller (in JGroup terms). When a view change occurs a peer will request the secret key by sending a key request with its own public key. The controller encrypts the secret key with this key and sends it back to the peer who then decrypts it and installs the key as its own secret key.
All encryption and decryption of Messages is done using this key. When a peer receives a view change that shows a different keyserver it will repeat this process - the view change event also trigger the encrypt layer to queue up and down messages until the new key is installed. The previous keys are retained so that messages sent before the view change that are queued can be decrypted if the key is different.
An example EncryptNoKeyStore.xml is included in the conf file as a guide.


Note: the current version does not support the concept of perfect forward encryption (PFE) which means that if a peer leaves the group the keys are re-generated preventing the departed peer from decrypting future messages if it chooses to listen in on the group. This is not included as it really requires a suitable authentication scheme as well to make this feature useful as there is nothing to stop the peer rejoining and receiving the new key. A future release will address this issue.

Author:
Steve Woodcock

Bela Ban

Definition at line 89 of file ENCRYPT.java.


Public Member Functions

void destroy ()
Object down (Event evt)
boolean downThreadEnabled ()
Map< String, Object > dumpStats ()
void enableStats (boolean flag)
Protocol getDownProtocol ()
String getName ()
Properties getProperties ()
ProtocolStack getProtocolStack ()
ThreadFactory getThreadFactory ()
Protocol getUpProtocol ()
void init () throws Exception
void initKeyPair () throws Exception
void initSymKey () throws Exception
Object passItDown (Event evt)
Object passItUp (Event evt)
String printStats ()
Vector< Integer > providedDownServices ()
Vector< Integer > providedUpServices ()
Vector< Integer > requiredDownServices ()
Vector< Integer > requiredUpServices ()
void reset ()
void resetStats ()
void setDownProtocol (Protocol down_prot)
void setObserver (Observer o)
boolean setProperties (Properties props)
boolean setPropertiesInternal (Properties props)
void setProtocolStack (ProtocolStack stack)
void setUpProtocol (Protocol up_prot)
void start () throws Exception
boolean statsEnabled ()
void stop ()
Object up (Event evt)
boolean upThreadEnabled ()

Protected Member Functions

String getAsymAlgorithm ()
Cipher getAsymCipher ()
int getAsymInit ()
String getAsymProvider ()
SecretKey getDesKey ()
Address getKeyServerAddr ()
String getKeyStoreName ()
KeyPair getKpair ()
Address getLocal_addr ()
PublicKey getServerPubKey ()
String getSymAlgorithm ()
Cipher getSymDecodingCipher ()
Cipher getSymEncodingCipher ()
int getSymInit ()
TP getTransport ()
void setKeyServerAddr (Address keyServerAddr)
void setLocal_addr (Address local_addr)

Static Protected Member Functions

static String getSymProvider ()

Protected Attributes

Protocol down_prot = null
final Log log = LogFactory.getLog(this.getClass())
final Properties props = new Properties()
ProtocolStack stack = null
boolean stats = true
Protocol up_prot = null

Package Attributes

String asymAlgorithm = "RSA"
int asymInit = 512
String asymProvider = null
final Map< String, Cipher > keyMap = new WeakHashMap<String,Cipher>()
boolean keyServer = false
Address keyServerAddr = null
KeyPair Kpair
Address local_addr = null
Observer observer
SecretKey secretKey = null
PublicKey serverPubKey = null
String symAlgorithm = DEFAULT_SYM_ALGO
Cipher symDecodingCipher
Cipher symEncodingCipher
int symInit = 56

Static Package Attributes

static final String DEFAULT_SYM_ALGO = "Blowfish"
static final String symProvider = null

Private Member Functions

void becomeKeyServer (Address tmpKeyServer)
SecretKeySpec decodeKey (byte[] encodedKey) throws Exception
Message decryptMessage (Cipher cipher, Message msg) throws Exception
void drainDownQueue () throws Exception
void drainUpQueue () throws Exception
PublicKey generatePubKey (byte[] encodedKey)
SecretKey getSecretKey ()
String getSymVersion ()
void handleNewKeyServer (Address newKeyServer)
void handleUpMessage (Event evt) throws Exception
synchronized void handleViewChange (View view, boolean makeServer)
void initConfiguredKey () throws Exception
void initSymCiphers (String algorithm, SecretKey secret) throws Exception
void sendDown (Event evt) throws Exception
Message sendKeyRequest ()
void sendSecretKey (SecretKey secret, PublicKey pubKey, Address source) throws InvalidKeyException, IllegalStateException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, NoSuchAlgorithmException
void setKeys (SecretKey key, String version) throws Exception
void setSecretKey (SecretKey secretKey)
void setSymVersion (String symVersion)

Static Private Member Functions

static Message _decrypt (Cipher cipher, Message msg, boolean decrypt_entire_msg) throws Exception
static byte[] encryptMessage (Cipher cipher, byte[] plain, int offset, int length) throws Exception
static String formatArray (byte[] array)
static String getAlgorithm (String s)

Private Attributes

String alias = "mykey"
Cipher asymCipher
BlockingQueue< EventdownMessageQueue = new LinkedBlockingQueue<Event>()
boolean encrypt_entire_message = false
String keyPassword = "changeit"
String keyStoreName
boolean queue_down = false
boolean queue_up = true
String storePassword = "changeit"
boolean suppliedKey = false
String symVersion = null
BlockingQueue< EventupMessageQueue = new LinkedBlockingQueue<Event>()

Classes

class  EncryptHeader
interface  Observer

The documentation for this class was generated from the following file:

Generated by  Doxygen 1.6.0   Back to index