org.jgroups.protocols

Class SYM_ENCRYPT

java.lang.Object

org.jgroups.stack.Protocol

org.jgroups.protocols.EncryptBase

org.jgroups.protocols.SYM_ENCRYPT

public class SYM_ENCRYPT
extends EncryptBase

Encrypts and decrypts communication in JGroups by using a secret key shared by all cluster members.

The secret key is identical for all cluster members and is injected into this protocol at startup, e.g. by reading it from a keystore. Messages are sent by encrypting them with the secret key and received by decrypting them with the secret key. Note that all cluster members must be shipped with the same keystore file

This protocol is typically placed under NAKACK2, so that most important headers are encrypted as well, to prevent replay attacks.

A possible configuration looks like this:

<SYM_ENCRYPT key_store_name="defaultStore.keystore" store_password="changeit" alias="myKey"/>

In order to use SYM_ENCRYPT layer in this manner, it is necessary to have the secret key already generated in a keystore file. The directory containing the keystore file must be on the application's classpath. You cannot create a secret key keystore file using the keytool application shipped with the JDK. A java file called KeyStoreGenerator is included in the demo package that can be used from the command line (or IDE) to generate a suitable keystore.

Author:

Bela Ban, Steve Woodcock

Nested Class Summary

Nested classes/interfaces inherited from class org.jgroups.protocols.EncryptBase

EncryptBase.Decrypter

Field Summary

Fields

Modifier and Type	Field and Description
protected java.lang.String	alias
protected java.lang.String	key_password
protected java.lang.String	keystore_name
protected java.lang.String	keystore_type
protected java.lang.String	store_password

Fields inherited from class org.jgroups.protocols.EncryptBase

asym_algorithm, asym_keylength, cipher_pool_size, decoding_ciphers, DEFAULT_SYM_ALGO, encoding_ciphers, encrypt_entire_message, key_map, key_map_max_size, local_addr, provider, secret_key, sign_msgs, sym_algorithm, sym_keylength, sym_version, use_adler, view

Fields inherited from class org.jgroups.stack.Protocol

after_creation_hook, down_prot, ergonomics, id, log, name, stack, stats, up_prot

Constructor Summary

Constructors

Constructor and Description
SYM_ENCRYPT()

Method Summary

Modifier and Type	Method and Description
java.lang.String	alias()
SYM_ENCRYPT	alias(java.lang.String a)
void	init() Called after instance has been created (null constructor) and before protocol is started.
java.lang.String	keystoreName()
SYM_ENCRYPT	keystoreName(java.lang.String n)
protected void	readSecretKeyFromKeystore() Initialisation if a supplied key is defined in the properties.
java.lang.String	storePassword()
SYM_ENCRYPT	storePassword(java.lang.String pwd)

Methods inherited from class org.jgroups.protocols.EncryptBase

_decrypt, adler, adler, asymAlgorithm, asymAlgorithm, asymKeylength, asymKeylength, code, computeChecksum, createChecksummer, createCipher, decryptChecksum, decryptMessage, down, encryptAndSend, encryptChecksum, encryptEntireMessage, encryptEntireMessage, getAlgorithm, handleEncryptedMessage, handleUnknownVersion, handleUpEvent, handleUpMessage, handleView, initSymCiphers, inView, localAddress, process, secretKey, secretKey, signMessages, signMessages, symAlgorithm, symAlgorithm, symKeylength, symKeylength, symVersion, symVersion, up, up, version

Methods inherited from class org.jgroups.stack.Protocol

accept, afterCreationHook, destroy, dumpStats, enableStats, getConfigurableObjects, getDownProtocol, getDownServices, getId, getIdsAbove, getLevel, getLog, getName, getProtocolStack, getSocketFactory, getThreadFactory, getTransport, getUpProtocol, getUpServices, getValue, isErgonomics, level, parse, printStats, providedDownServices, providedUpServices, requiredDownServices, requiredUpServices, resetStatistics, resetStats, setDownProtocol, setErgonomics, setId, setLevel, setProtocolStack, setSocketFactory, setUpProtocol, setValue, setValues, start, statsEnabled, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

keystore_name

protected java.lang.String keystore_name

keystore_type

protected java.lang.String keystore_type

store_password

protected java.lang.String store_password

key_password

protected java.lang.String key_password

alias

protected java.lang.String alias

Constructor Detail

SYM_ENCRYPT

public SYM_ENCRYPT()

Method Detail

keystoreName

public java.lang.String keystoreName()

keystoreName

public SYM_ENCRYPT keystoreName(java.lang.String n)

alias

public java.lang.String alias()

alias

public SYM_ENCRYPT alias(java.lang.String a)

storePassword

public java.lang.String storePassword()

storePassword

public SYM_ENCRYPT storePassword(java.lang.String pwd)

init

public void init()
          throws java.lang.Exception

Description copied from class: Protocol

Called after instance has been created (null constructor) and before protocol is started. Properties are already set. Other protocols are not yet connected and events cannot yet be sent.

Overrides:

init in class EncryptBase

Throws:

java.lang.Exception - Thrown if protocol cannot be initialized successfully. This will cause the ProtocolStack to fail, so the channel constructor will throw an exception

readSecretKeyFromKeystore

protected void readSecretKeyFromKeystore()
                                  throws java.lang.Exception

Initialisation if a supplied key is defined in the properties. This supplied key must be in a keystore which can be generated using the keystoreGenerator file in demos. The keystore must be on the classpath to find it.

Throws:

java.lang.Exception