Brock Noland created FLUME-1549:
-----------------------------------
Summary: Website should document encryption
Key: FLUME-1549
URL: https://issues.apache.org/jira/browse/FLUME-1549
Project: Flume
Issue Type: Improvement
Components: Docs
Reporter: Brock Noland
This is from the RB
{noformat}
Below is some sample configuration:
Generating a key with a password separate from the key store password:
keytool -genseckey -alias key-0 -keypass keyPassword -keyalg AES \
-keysize 192 -validity 9000 -keystore test.keystore \
-storetype jceks -storepass keyStorePassword
Generating a key with the password the same as the key store password:
keytool -genseckey -alias key-1 -keyalg AES -keysize 192 -validity 9000 \
-keystore src/test/resources/test.keystore -storetype jceks \
-storepass keyStorePassword
Here is a basic configuration with key-0 using the same password as the key
store:
agent.channels.ch-0.encryption.keyProvider = JCEKSFILE
agent.channels.ch-0.encryption.keyAlias = key-0
agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
agent.channels.ch-0.encryption.keyStoreFile = /path/to/my.keystore
agent.channels.ch-0.encryption.keyStorePasswordFile = /path/to/my.keystore.password
agent.channels.ch-0.encryption.keys = key-0
Let's say you have aged key-0 out and new files should be encrypted with key-1:
agent.channels.ch-0.encryption.keyProvider = JCEKSFILE
agent.channels.ch-0.encryption.keyAlias = key-1
agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
agent.channels.ch-0.encryption.keyStoreFile = /path/to/my.keystore
agent.channels.ch-0.encryption.keyStorePasswordFile = /path/to/my.keystore.password
agent.channels.ch-0.encryption.keys = key-0 key-1
The same scenario as above, however key-0 has its own password:
agent.channels.ch-0.encryption.keyProvider = JCEKSFILE
agent.channels.ch-0.encryption.keyAlias = key-1
agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
agent.channels.ch-0.encryption.keyStoreFile = /path/to/my.keystore
agent.channels.ch-0.encryption.keyStorePasswordFile = /path/to/my.keystore.password
agent.channels.ch-0.encryption.keys = key-0 key-1
agent.channels.ch-0.encryption.keys.key-0.passwordFile = /path/to/key-0.password
{noformat}
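A consistency check for the channel encryption properties in the samples above, as an added example that is not part of the original issue or of Flume. The function name `lint_encryption_config`, the set of properties treated as required, and the rule that `keyAlias` should appear in `keys` are assumptions inferred from the samples; the parser handles only the `key = value` form used here.

```python
import os, stat
# Assumptions of this example: channel name and required names come from the samples.
PREFIX = "agent.channels.ch-0.encryption."
REQUIRED = ("keyProvider", "keyAlias", "cipherProvider",
            "keyStoreFile", "keyStorePasswordFile", "keys")

def lint_encryption_config(text, prefix=PREFIX):
    """Return findings for one channel's encryption properties (key = value form only)."""
    props, findings = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        if "=" not in line:  # e.g. a value pushed onto its own line by mail wrapping
            findings.append(f"line {n}: not a key = value pair: {line}")
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith(prefix):
            props[key[len(prefix):]] = value
    for name in REQUIRED:
        if not props.get(name):
            findings.append(f"{name} is missing or empty")
    keys, alias = props.get("keys", "").split(), props.get("keyAlias")
    if alias and alias not in keys:  # the samples always list the active alias in keys
        findings.append(f"keyAlias {alias} is not listed in keys")
    password_files = [props.get("keyStorePasswordFile", "")]
    for name, value in props.items():
        if name.startswith("keys.") and name.endswith(".passwordFile"):
            if name[len("keys."):-len(".passwordFile")] not in keys:
                findings.append(f"{name} refers to a key not listed in keys")
            password_files.append(value)
    for path in filter(os.path.isfile, password_files):  # only files present locally
        if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"{path} is readable by group or others")
    return findings

# Constructed sample: rotation config with a wrapped line and key-1 left out of keys.
WRAPPED = """\
agent.channels.ch-0.encryption.keyProvider = JCEKSFILE
agent.channels.ch-0.encryption.keyAlias = key-1
agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
agent.channels.ch-0.encryption.keyStoreFile = /path/to/my.keystore
agent.channels.ch-0.encryption.keyStorePasswordFile =
/path/to/my.keystore.password
agent.channels.ch-0.encryption.keys = key-0
"""
if __name__ == "__main__":
    print("\n".join(lint_encryption_config(WRAPPED)))
```

The permission check only runs for password files that exist on the machine where the check is executed.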