[ https://issues.apache.org/jira/browse/FLUME-1549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brock Noland updated FLUME-1549:
--------------------------------

    Description: 
This is from the RB

{noformat}
Below is some sample configuration:

Generating a key with a password separate from the key store password:

    keytool -genseckey -alias key-0 -keypass keyPassword -keyalg AES \
      -keysize 128 -validity 9000 -keystore test.keystore \
      -storetype jceks -storepass keyStorePassword

Generating a key with the password the same as the key store password:      

    keytool -genseckey -alias key-1 -keyalg AES -keysize 128 -validity 9000 \
      -keystore src/test/resources/test.keystore -storetype jceks \
      -storepass keyStorePassword
      

agent.channels.ch-0.encryption.keyAlias = key-0
agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
agent.channels.ch-0.encryption.keyProvider = key-provider-0
agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile = /path/to/my.keystore
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile = /path/to/my.keystore.password
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0

Let's say you have aged key-0 out and new files should be encrypted with key-1:

agent.channels.ch-0.encryption.keyAlias = key-1
agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
agent.channels.ch-0.encryption.keyProvider = key-provider-0
agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile = /path/to/my.keystore
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile = /path/to/my.keystore.password
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0 key-1

The same scenario as above, however key-0 has its own password:

agent.channels.ch-0.encryption.keyAlias = key-1
agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
agent.channels.ch-0.encryption.keyProvider = key-provider-0
agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile = /path/to/my.keystore
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile = /path/to/my.keystore.password
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0 key-1
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys.key-0.passwordFile = /path/to/key-0.password
{noformat}

  was:
This is from the RB

{noformat}
Below is some sample configuration:



Generating a key with a password separate from the key store password:

    keytool -genseckey -alias key-0 -keypass keyPassword -keyalg AES \
      -keysize 192 -validity 9000 -keystore test.keystore \
      -storetype jceks -storepass keyStorePassword

Generating a key with the password the same as the key store password:      

    keytool -genseckey -alias key-1 -keyalg AES -keysize 192 -validity 9000 \
      -keystore src/test/resources/test.keystore -storetype jceks \
      -storepass keyStorePassword

Here is a basic configuration with key-0 using the same password as the key 
store:

agent.channels.ch-0.encryption.keyProvider = JCEKSFILE
agent.channels.ch-0.encryption.keyAlias = key-0
agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
agent.channels.ch-0.encryption.keyStoreFile = /path/to/my.keystore
agent.channels.ch-0.encryption.keyStorePasswordFile = /path/to/my.keystore.password
agent.channels.ch-0.encryption.keys = key-0

Let's say you have aged key-0 out and new files should be encrypted with key-1:

agent.channels.ch-0.encryption.keyProvider = JCEKSFILE
agent.channels.ch-0.encryption.keyAlias = key-1
agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
agent.channels.ch-0.encryption.keyStoreFile = /path/to/my.keystore
agent.channels.ch-0.encryption.keyStorePasswordFile = /path/to/my.keystore.password
agent.channels.ch-0.encryption.keys = key-0 key-1

The same scenario as above, however key-0 has its own password:

agent.channels.ch-0.encryption.keyProvider = JCEKSFILE
agent.channels.ch-0.encryption.keyAlias = key-1
agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
agent.channels.ch-0.encryption.keyStoreFile = /path/to/my.keystore
agent.channels.ch-0.encryption.keyStorePasswordFile = /path/to/my.keystore.password
agent.channels.ch-0.encryption.keys = key-0 key-1
agent.channels.ch-0.encryption.keys.key-0.passwordFile = /path/to/key-0.password
{noformat}

    
> Website should document encryption
> ----------------------------------
>
>                 Key: FLUME-1549
>                 URL: https://issues.apache.org/jira/browse/FLUME-1549
>             Project: Flume
>          Issue Type: Improvement
>          Components: Docs
>            Reporter: Brock Noland
>            Assignee: Brock Noland
>
> This is from the RB
> {noformat}
> Below is some sample configuration:
> Generating a key with a password separate from the key store password:
>     keytool -genseckey -alias key-0 -keypass keyPassword -keyalg AES \
>       -keysize 128 -validity 9000 -keystore test.keystore \
>       -storetype jceks -storepass keyStorePassword
> Generating a key with the password the same as the key store password:      
>     keytool -genseckey -alias key-1 -keyalg AES -keysize 128 -validity 9000 \
>       -keystore src/test/resources/test.keystore -storetype jceks \
>       -storepass keyStorePassword
>       
> agent.channels.ch-0.encryption.keyAlias = key-0
> agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
> agent.channels.ch-0.encryption.keyProvider = key-provider-0
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile = /path/to/my.keystore
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile = /path/to/my.keystore.password
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0
> Let's say you have aged key-0 out and new files should be encrypted with 
> key-1:
> agent.channels.ch-0.encryption.keyAlias = key-1
> agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
> agent.channels.ch-0.encryption.keyProvider = key-provider-0
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile = /path/to/my.keystore
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile = /path/to/my.keystore.password
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0 key-1
> The same scenario as above, however key-0 has its own password:
> agent.channels.ch-0.encryption.keyAlias = key-1
> agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
> agent.channels.ch-0.encryption.keyProvider = key-provider-0
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile = /path/to/my.keystore
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile = /path/to/my.keystore.password
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0 key-1
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys.key-0.passwordFile = /path/to/key-0.password
> {noformat}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
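
An added example, not part of the JIRA issue or of Flume's own code: a small Python lint for the key-rotation configuration in the updated description. Property names come from the samples above; the rules that `keyAlias` must appear in the provider's `keys` list and that the four provider properties are required are assumptions inferred from those samples, and `SAMPLE`, `parse_properties` and `check_channel_encryption` are hypothetical names.

```python
import re

# Constructed sample: the rotated configuration from the description, but with
# key-1 left out of the keys list after switching keyAlias to it.
SAMPLE = """\
agent.channels.ch-0.encryption.keyAlias = key-1
agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
agent.channels.ch-0.encryption.keyProvider = key-provider-0
agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile = /path/to/my.keystore
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile = /path/to/my.keystore.password
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0
agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys.key-0.passwordFile = /path/to/key-0.password
"""

def parse_properties(text):
    """Parse 'name = value' lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            props[name.strip()] = value.strip()
    return props

def check_channel_encryption(text, agent="agent", channel="ch-0"):
    """Return a list of findings for one channel's encryption settings."""
    props = parse_properties(text)
    base = f"{agent}.channels.{channel}.encryption"
    findings = []
    alias = props.get(f"{base}.keyAlias")
    provider = props.get(f"{base}.keyProvider")
    if not alias:
        findings.append("keyAlias is not set")
    if not provider:
        return findings + ["keyProvider is not set"]
    pbase = f"{base}.keyProvider.{provider}"
    # Assumption: every sample on the page sets these four provider properties.
    for required in ("type", "keyStoreFile", "keyStorePasswordFile", "keys"):
        if not props.get(f"{pbase}.{required}"):
            findings.append(f"{pbase}.{required} is missing")
    keys = props.get(f"{pbase}.keys", "").split()
    if alias and alias not in keys:
        findings.append(f"keyAlias {alias} is not listed in {pbase}.keys")
    # A per-key passwordFile for a key that is not listed is probably a typo.
    for name in props:
        m = re.fullmatch(re.escape(pbase) + r"\.keys\.(.+)\.passwordFile", name)
        if m and m.group(1) not in keys:
            findings.append(f"passwordFile set for unlisted key {m.group(1)}")
    return findings
```
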