Emmanuel Lecharny wrote:
as I need to rewrite the serialization for ServerEntry, ServerAttribute, ServerValue, DN, RDN and AttributeTypeAndValue, I have had some ideas, and I would like to know your opinion :To make the encryption cryptographically sound, the message to be encrypted must be sufficiently random. In a scheme where each entry is encrypted individually, this requires an initialization vector (i.e. some random bits) which amounts to relatively high percentage of wasted space. A scheme where the encryption happens in larger chunks (e.g. B-Tree nodes or pages) will typically have better "randomness" in the first place and reduce the space wasted by the iv. I don't know how the storage engine works at the bottom end, but I'd guess that this would be a better place to do encryption.- what about adding a flag to tell the serialization methods (those classes are Externalizable) to encrypt/decrypt the data on disk ? Tis would be a much better solution than to define an encryption option to be added to all the attributes (like "cn;encrypted=fR5*za"). All the data will be encrypted before being serialized to disk. It would be off by default, of course
Joerg Henne
smime.p7s
Description: S/MIME Cryptographic Signature
