Class AESBinaryManager

All Implemented Interfaces:
BinaryManager

@Deprecated(since="2023.9") public class AESBinaryManager extends LocalBinaryManager
Deprecated.
since 2023.9, use AESBlobProvider instead
A binary manager that encrypts binaries on the filesystem using AES.

The configuration holds the keystore information to retrieve the AES key, or the password that is used to generate a per-file key using PBKDF2. This configuration comes from the <property name="key">...</property> of the binary manager configuration.

The configuration has the form key1=value1,key2=value2,... where the possible keys are, for keystore use:

  • keyStoreType: the keystore type, for instance JCEKS
  • keyStoreFile: the path to the keystore, if applicable
  • keyStorePassword: the keystore password
  • keyAlias: the alias (name) of the key in the keystore
  • keyPassword: the key password

And for PBKDF2 use:

  • password: the password

To encrypt a binary, an AES key is needed. This key can be retrieved from a keystore, or generated from a password using PBKDF2 (in which case each stored file contains a different salt for security reasons). The file format is described in storeAndDigest(InputStream, OutputStream).
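The per-file salt and the default AES/GCM/NoPadding mode described above can be seen at work in the following added example, which is not code from this class or its project. The class name `PerFileKeyDemo`, the iteration count, key length, salt and IV sizes and the sample inputs are assumptions made for illustration; the page does not give the values of `PBKDF2_ITERATIONS` or `PBKDF2_KEY_LENGTH`, and the on-disk file format is not reproduced here.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

public class PerFileKeyDemo {
    // Assumed values for illustration; not taken from AESBinaryManager.
    static final int ITERATIONS = 10_000, KEY_BITS = 128;
    static final SecureRandom RNG = new SecureRandom();

    // Derive an AES key from the shared password and a salt that is unique per file.
    static SecretKey deriveKey(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    // Encrypt or decrypt with AES/GCM; decryption also verifies the 128-bit tag.
    static byte[] crypt(int mode, SecretKey key, byte[] iv, byte[] data) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, iv));
        return c.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed-sample-password".toCharArray(); // constructed input
        byte[] plain = "constructed sample binary".getBytes(StandardCharsets.UTF_8);
        byte[] salt1 = new byte[16], salt2 = new byte[16], iv = new byte[12];
        RNG.nextBytes(salt1); RNG.nextBytes(salt2); RNG.nextBytes(iv); // fresh per file
        SecretKey k1 = deriveKey(password, salt1), k2 = deriveKey(password, salt2);
        System.out.println("same password, different salts, same key? "
                + Arrays.equals(k1.getEncoded(), k2.getEncoded()));
        byte[] ct = crypt(Cipher.ENCRYPT_MODE, k1, iv, plain);
        System.out.println("round trip ok? " + Arrays.equals(plain, crypt(Cipher.DECRYPT_MODE, k1, iv, ct)));
        ct[0] ^= 1; // simulate modification of the stored ciphertext
        try {
            crypt(Cipher.DECRYPT_MODE, k1, iv, ct);
            System.out.println("modification not detected");
        } catch (AEADBadTagException e) {
            System.out.println("modification detected: GCM tag check failed");
        }
    }
}
```

AES/CBC/PKCS5Padding carries no authentication tag, so the same modified ciphertext would not be rejected by an integrity check of this kind.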

While the binary is being used by the application, a temporarily-decrypted file is held in a temporary directory. It is removed as soon as possible.

Since:
6.0
  • Field Details

    • FILE_MAGIC

      protected static final byte[] FILE_MAGIC
      Deprecated.
    • FILE_VERSION_1

      protected static final int FILE_VERSION_1
      Deprecated.
    • USE_KEYSTORE

      protected static final int USE_KEYSTORE
      Deprecated.
    • USE_PBKDF2

      protected static final int USE_PBKDF2
      Deprecated.
    • AES

      protected static final String AES
      Deprecated.
    • AES_CBC_PKCS5_PADDING

      protected static final String AES_CBC_PKCS5_PADDING
      Deprecated.
    • AES_GCM_NOPADDING

      protected static final String AES_GCM_NOPADDING
      Deprecated.
    • PBKDF2_WITH_HMAC_SHA1

      protected static final String PBKDF2_WITH_HMAC_SHA1
      Deprecated.
    • PBKDF2_ITERATIONS

      protected static final int PBKDF2_ITERATIONS
      Deprecated.
    • PBKDF2_KEY_LENGTH

      protected static final int PBKDF2_KEY_LENGTH
      Deprecated.
    • PARAM_PASSWORD

      protected static final String PARAM_PASSWORD
      Deprecated.
    • PARAM_KEY_STORE_TYPE

      protected static final String PARAM_KEY_STORE_TYPE
      Deprecated.
    • PARAM_KEY_STORE_FILE

      protected static final String PARAM_KEY_STORE_FILE
      Deprecated.
    • PARAM_KEY_STORE_PASSWORD

      protected static final String PARAM_KEY_STORE_PASSWORD
      Deprecated.
    • PARAM_KEY_ALIAS

      protected static final String PARAM_KEY_ALIAS
      Deprecated.
    • PARAM_KEY_PASSWORD

      protected static final String PARAM_KEY_PASSWORD
      Deprecated.
    • PARAM_KEY_USE_INSECURE_CIPHER

      protected static final String PARAM_KEY_USE_INSECURE_CIPHER
      Deprecated.
      If true, use the insecure AES/CBC/PKCS5Padding for encryption. The default is false, to use AES/GCM/NoPadding.
      Since:
      10.3
    • RANDOM

      protected static final Random RANDOM
      Deprecated.
    • digestAlgorithm

      protected String digestAlgorithm
      Deprecated.
    • usePBKDF2

      protected boolean usePBKDF2
      Deprecated.
    • password

      protected String password
      Deprecated.
    • keyStoreType

      protected String keyStoreType
      Deprecated.
    • keyStoreFile

      protected String keyStoreFile
      Deprecated.
    • keyStorePassword

      protected String keyStorePassword
      Deprecated.
    • keyAlias

      protected String keyAlias
      Deprecated.
    • keyPassword

      protected String keyPassword
      Deprecated.
    • useInsecureCipher

      protected boolean useInsecureCipher
      Deprecated.
  • Constructor Details

    • AESBinaryManager

      public AESBinaryManager()
      Deprecated.
  • Method Details