To configure the Public Key encryption provider, use the following crypto.provider properties:

| Property Name | Value | Description |
|---|---|---|
| crypto.provider.jce.provider | BC | Internal name of the JCE provider ("BC" for the BouncyCastle RSA provider). |
| crypto.provider.jce.provider.classname | org.bouncycastle.jce.provider.BouncyCastleProvider | Class in the JCE provider that implements the Provider interface and can be instantiated and installed as a dynamic JCE provider in Java (org.bouncycastle.jce.provider.BouncyCastleProvider for BouncyCastle). |
| crypto.provider.jce.provider.position | 2 | Position at which the JCE provider defined by crypto.provider.jce.provider.classname is inserted into the chain of existing JCE providers, if it is not already present. |
| crypto.provider.jce.algorithm_mode_padd | RSA | Encryption algorithm, mode and padding (the encryption transformation, for example "DES/CBC/PKCS5Padding"). See Appendix A of the Java Cryptography Architecture Reference Guide for the standard transformation names. A bare algorithm name such as "RSA" leaves mode and padding to the provider's defaults; naming them explicitly (for example "RSA/ECB/PKCS1Padding", or an OAEP transformation if the provider accepts it) keeps the padding visible in the configuration instead of implicit in the provider. |
| crypto.provider.key.size | 1024 | Size of the encryption/decryption key in bits. 1024 is the value used in the example configuration below; 1024-bit RSA is no longer considered adequate, so use 2048 bits or more for new deployments. |
| crypto.provider.key.location.type | file | Location of the encryption/decryption key: "file" or "keystore" (see note below). |
| crypto.provider.RSA.public.key | /opt/connect/kc/import/crypto.pubkey | Fully qualified public key filename. IMPORTANT: store this file in the import directory so that it is copied to each node during the deployment process. |
| crypto.provider.RSA.private.key | /opt/connect/kc/crypto.privkey | Fully qualified private key filename. IMPORTANT: do NOT store this file in the import directory, so that it is NOT copied to each node during the deployment process. Restrict the file to the account that runs the application (for example mode 0600), since anyone who can read it can decrypt the database credentials. |
A complete crypto.properties for file-based keys then looks like this:

```properties
# class name which implements connect CryptoProvider
crypto.provider=com.kana.connect.common.lib.crypto.RSACryptoProvider
crypto.provider.jce.provider=BC
crypto.provider.jce.provider.classname=org.bouncycastle.jce.provider.BouncyCastleProvider
crypto.provider.jce.provider.position=2
crypto.provider.jce.algorithm_mode_padd=RSA
crypto.provider.key.size=1024
# configure file-based keys
crypto.provider.key.location.type=file
crypto.provider.RSA.private.key=/opt/connect/kc/crypto.privkey
crypto.provider.RSA.public.key=/opt/connect/kc/import/crypto.pubkey
```
Generate the key pair:

```sh
$ sh install/cryptoutil.sh -k
```

This creates the public and private key files in the current directory, based on the parameters in crypto.properties. The public key file is named public_X.509.key and the private key file is named private_PKCS#8.key (these file names are hardcoded). Make sure the pathnames of the key files match the pathnames in crypto.properties. In this example, the files are copied to the filenames given in crypto.properties:

```sh
$ cp public_X.509.key import/crypto.pubkey
$ cp private_PKCS#8.key crypto.privkey
```
Encrypt the database connection information:

```sh
$ sh install/encryptdbinfo.sh
```

This program should add a new database.connect.encrypted property to the database.properties file:

```properties
database.connect.encrypted=LlDM0fJerlzWvL03LwlcHzUqTjMapNKqougilxAMmQJGdP2nNRyk3SU3W8iAKt6YXos2mBIj/x+2\
z1uvBoT8lNkds8m+wwlgZ4JekWlJulVzDXDwDV8dKAKnmxPkcQu4SLxGHl6anno079nuuHlX/qdqHBIS/hNK7l6qJnHXLk4=
```
A failure in this step is reported as a CryptoException wrapping the underlying JCE exception, for example:

```
com.kana.connect.common.lib.crypto.CryptoException: java.security.InvalidKeyException: Illegal key size or default parameters
```

"Illegal key size or default parameters" is the message javax.crypto.Cipher itself raises, before the provider is called, when the key (or the transformation's default parameters) falls outside what the installed JCE jurisdiction policy files allow. Check the JDK's policy files and that the key on disk has the size configured in crypto.provider.key.size before looking for a fault in the provider configuration.
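To check a configured provider, key pair and transformation before running encryptdbinfo.sh, the following Java program is an added example (not part of the product's cryptoutil.sh or encryptdbinfo.sh and not the RSACryptoProvider code): it reads crypto.properties, installs the configured provider at the configured chain position, loads the two key files, verifies the key size and the private key's file permissions, and performs an encrypt/decrypt round trip with the configured transformation. It assumes the key files hold the raw DER bytes that Java's Key.getEncoded() writes (the "X.509" and "PKCS#8" formats the file names refer to), that the BouncyCastle provider jar is on the classpath, and that it runs on a POSIX host; the class name CryptoPropertiesCheck and the sample plaintext are invented for the example.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import javax.crypto.Cipher;

// Added example, not the product's own tooling. Assumes DER key files and bcprov on the classpath.
public class CryptoPropertiesCheck {

    public static void main(String[] args) throws Exception {
        String propsFile = args.length > 0 ? args[0] : "crypto.properties";
        Properties p = new Properties();
        try (InputStream in = Files.newInputStream(Paths.get(propsFile))) {
            p.load(in);
        }

        String providerName   = require(p, "crypto.provider.jce.provider");
        String providerClass  = require(p, "crypto.provider.jce.provider.classname");
        int position          = Integer.parseInt(require(p, "crypto.provider.jce.provider.position"));
        String transformation = require(p, "crypto.provider.jce.algorithm_mode_padd");
        int expectedBits      = Integer.parseInt(require(p, "crypto.provider.key.size"));
        Path pubPath          = Paths.get(require(p, "crypto.provider.RSA.public.key"));
        Path privPath         = Paths.get(require(p, "crypto.provider.RSA.private.key"));

        // 1. Dynamic provider installation at the configured position, skipped when a
        //    provider with that name is already registered (e.g. statically in java.security).
        if (Security.getProvider(providerName) == null) {
            Provider prov = (Provider) Class.forName(providerClass)
                    .getDeclaredConstructor().newInstance();
            int actual = Security.insertProviderAt(prov, position);
            System.out.println("installed " + prov.getName() + " at position " + actual);
        }

        // 2. Load the keys. X509EncodedKeySpec / PKCS8EncodedKeySpec are the Java specs for
        //    the formats named by public_X.509.key and private_PKCS#8.key.
        KeyFactory kf = KeyFactory.getInstance("RSA", providerName);
        PublicKey pub   = kf.generatePublic(new X509EncodedKeySpec(Files.readAllBytes(pubPath)));
        PrivateKey priv = kf.generatePrivate(new PKCS8EncodedKeySpec(Files.readAllBytes(privPath)));

        // 3. crypto.provider.key.size must describe the key that is actually on disk.
        int actualBits = ((RSAPublicKey) pub).getModulus().bitLength();
        if (actualBits != expectedBits) {
            throw new IllegalStateException("crypto.provider.key.size=" + expectedBits
                    + " but the public key modulus is " + actualBits + " bits");
        }
        if (actualBits < 2048) {
            System.err.println("WARNING: " + actualBits + "-bit RSA is below current minimum recommendations");
        }

        // 4. The private key decrypts the database credentials: it must not be readable
        //    or writable by other accounts on the node.
        Set<PosixFilePermission> loose = new HashSet<>(Files.getPosixFilePermissions(privPath));
        loose.retainAll(EnumSet.of(PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
                PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE));
        if (!loose.isEmpty()) {
            System.err.println("WARNING: " + privPath + " is group/world accessible: " + loose);
        }

        // 5. Round trip through the configured transformation and provider, the same
        //    combination the application will use for database.connect.encrypted.
        byte[] plaintext = "db-password-sample".getBytes(StandardCharsets.UTF_8); // constructed sample
        Cipher enc = Cipher.getInstance(transformation, providerName);
        enc.init(Cipher.ENCRYPT_MODE, pub);
        byte[] ciphertext = enc.doFinal(plaintext);

        Cipher dec = Cipher.getInstance(transformation, providerName);
        dec.init(Cipher.DECRYPT_MODE, priv);
        byte[] recovered = dec.doFinal(ciphertext);

        if (!Arrays.equals(plaintext, recovered)) {
            throw new IllegalStateException("encrypt/decrypt round trip failed");
        }
        System.out.println("OK: " + transformation + " via " + providerName + ", "
                + actualBits + "-bit key, ciphertext " + ciphertext.length + " bytes");
    }

    private static String require(Properties p, String key) {
        String v = p.getProperty(key);
        if (v == null || v.trim().isEmpty()) {
            throw new IllegalArgumentException("missing property " + key);
        }
        return v.trim();
    }
}
```

Compile it and run it with the bcprov jar on the classpath, passing the path of crypto.properties as the first argument; run it as the account that will run the application so that the permission check reflects what that account (and not root) can read. If the round trip fails with the "Illegal key size or default parameters" message, the problem is in the JDK's jurisdiction policy or the key size, not in the product configuration.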