Connect has a modular encryption architecture that is used to perform the following functions:
- To encrypt and decrypt user passwords in the database,
- To encrypt and decrypt database connection information in the database.properties file, and
- To decrypt encrypted parameters to event-triggered messages.
Connect may be configured to use different encryption technology providers by modifying the crypto.properties file (found in the Connect install directory). By default, the crypto.properties file uses the "Default" provider, which uses the same encryption technology as previous versions of Connect.
Connect supports two additional encryption providers:
- SymmetricCryptoProvider, which supports symmetric encryption algorithms, such as AES and DES
- RSACryptoProvider, which supports RSA public key encryption.
In addition, the Connect encryption APIs may be used to build custom encryption providers
to access additional encryption technologies, such as hardware security modules (HSMs).
Configuring Default Encryption Provider
The main entry in the crypto.properties file is the crypto.provider property. To configure the default Connect encryption provider, the crypto.properties file should contain a single property definition as shown below:
crypto.provider=com.kana.connect.common.lib.crypto.OldConnectCryptoProvider
When using the Default provider, all other properties in
crypto.properties will be ignored.
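Because the Default provider silently ignores every other entry, a configuration review should confirm which provider is actually in effect. The following check is an added example, not part of Connect or its documentation; the function names, the sample file and the example.ignored.setting key are constructed for illustration.

```python
import re

# Class name of the Default provider, as given on the page.
DEFAULT_PROVIDER = "com.kana.connect.common.lib.crypto.OldConnectCryptoProvider"

def parse_properties(text):
    """Minimal Java .properties reader: comments, = / : / space separators,
    backslash line continuations. Escaped separators in keys are not handled."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join continued lines
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs

def audit_crypto_properties(text):
    """Return (effective provider, list of findings) for crypto.properties text."""
    pairs = parse_properties(text)
    props = dict(pairs)  # last definition wins, as in java.util.Properties
    keys = [k for k, _ in pairs]
    findings = [f"duplicate definition of {k}"
                for k in sorted({k for k in keys if keys.count(k) > 1})]
    provider = props.get("crypto.provider")
    if provider is None:
        findings.append("crypto.provider is not set")
    elif provider == DEFAULT_PROVIDER:
        # Per the page, everything else in the file is ignored in this mode.
        ignored = sorted(k for k in props if k != "crypto.provider")
        if ignored:
            findings.append("Default provider active; ignored properties: "
                            + ", ".join(ignored))
    return provider, findings

# Constructed sample file; example.ignored.setting is a hypothetical key.
SAMPLE = """\
# constructed sample, not a real Connect file
crypto.provider = com.kana.connect.common.lib.crypto.\\
    OldConnectCryptoProvider
example.ignored.setting=AES
"""

if __name__ == "__main__":
    provider, findings = audit_crypto_properties(SAMPLE)
    print("provider:", provider)
    for finding in findings:
        print("finding:", finding)
```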