Class AESBlobProvider

All Implemented Interfaces:
BlobProvider

public class AESBlobProvider extends LocalBlobProvider
A blob provider that encrypts binaries on the filesystem using AES.

To encrypt a binary, an AES key is needed. This key can be retrieved from a keystore, or generated from a password using PBKDF2 (in which case each stored file contains its own salt, so that every file is encrypted with a different key). The on-disk file format is described in AESBlobStore.EncryptingOutputStream.

The blob provider configuration holds the keystore information to retrieve the AES key, or the password that is used to generate a per-file key using PBKDF2.

For keystore use, the following properties are available:

  • keyStoreType: the keystore type, for instance JCEKS
  • keyStoreFile: the path to the keystore, if applicable
  • keyStorePassword: the keystore password
  • keyAlias: the alias (name) of the key in the keystore
  • keyPassword: the key password

And for PBKDF2 use:

  • password: the password

For backward compatibility, the properties can also be included in the <property name="key">prop1=value1,prop2=value2,...</property> of the blob provider configuration.
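The two key sources described above, as an added example that is not Nuxeo's own code: it shows that a per-file salt gives each file a different PBKDF2 key, and that keyStoreType, keyStorePassword, keyAlias and keyPassword together select one stored key. The class name, the PBKDF2 parameters (PRF, iteration count, salt and key size) and all sample values are assumptions; the page does not state them.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class AesKeySourcesDemo { // hypothetical class, not part of Nuxeo
    // Assumed parameters: the page gives no iteration count, salt size or key size.
    static final int ITERATIONS = 10_000, SALT_BYTES = 16, KEY_BITS = 128;

    // PBKDF2 path: the "password" property plus a per-file salt yields a per-file AES key.
    static SecretKey deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    // Keystore path: one fixed AES key, looked up by alias and unlocked with the key password.
    static SecretKey loadKey(byte[] store, String type, char[] storePass, String alias, char[] keyPass)
            throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(new ByteArrayInputStream(store), storePass);
        SecretKey key = (SecretKey) ks.getKey(alias, keyPass);
        if (key == null) throw new IllegalStateException("no key under alias " + alias);
        return key;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed-sample-password".toCharArray(); // constructed value
        SecureRandom rnd = new SecureRandom();
        byte[] saltA = new byte[SALT_BYTES], saltB = new byte[SALT_BYTES], rawKey = new byte[KEY_BITS / 8];
        rnd.nextBytes(saltA); rnd.nextBytes(saltB); rnd.nextBytes(rawKey);
        byte[] a = deriveKey(password, saltA).getEncoded(), b = deriveKey(password, saltB).getEncoded();
        System.out.println("different salts give the same key: " + Arrays.equals(a, b));
        System.out.println("stored salt reproduces the key: " + Arrays.equals(a, deriveKey(password, saltA).getEncoded()));

        // Build a throwaway JCEKS keystore in memory (constructed alias and passwords).
        char[] storePass = "sample-store-pass".toCharArray(), keyPass = "sample-key-pass".toCharArray();
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        ks.setEntry("sampleAlias", new KeyStore.SecretKeyEntry(new SecretKeySpec(rawKey, "AES")),
                new KeyStore.PasswordProtection(keyPass));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass);
        SecretKey loaded = loadKey(out.toByteArray(), "JCEKS", storePass, "sampleAlias", keyPass);
        System.out.println("keystore key round-trips: " + Arrays.equals(rawKey, loaded.getEncoded()));
    }
}
```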

Since:
11.1