4.2 Configuring an Encryption Provider
Connect has a modular encryption architecture that is used to perform the following functions:
To encrypt and decrypt user passwords in the database,
To encrypt and decrypt database connection information in the database.properties file, and
To decrypt encrypted parameters to event-triggered messages.
Connect may be configured to use different encryption technology providers by modifying the crypto.properties file (found in the Connect install directory). By default, the crypto.properties file uses the "Default" provider, which uses the same encryption technology as previous versions of Connect. Connect supports two additional encryption providers:
SymmetricCryptoProvider, which supports symmetric encryption algorithms, such as AES and DES
RSACryptoProvider, which supports RSA public key encryption.
In addition, the Connect encryption APIs may be used to build custom encryption providers to access additional encryption technologies, such as hardware security modules (HSMs).
Configuring Default Encryption Provider
The main entry in the crypto.properties file is the crypto.provider property. To configure the default Connect encryption provider, the crypto.properties file should contain a single property definition as shown below:
crypto.provider=com.kana.connect.common.lib.crypto.OldConnectCryptoProvider
When using the Default provider, all other properties in crypto.properties will be ignored.
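Because the Default provider ignores every other property without complaint, a crypto.properties file can look as if it configures a stronger algorithm while the legacy provider is still in effect. The following audit check is an added example, not part of the Connect documentation or product code. It assumes simple key=value lines with no line continuations, and the property name example.cipher in the sample is hypothetical.

```python
import re

# Class name of the Default provider, as given in the documentation above.
DEFAULT_PROVIDER = "com.kana.connect.common.lib.crypto.OldConnectCryptoProvider"

# Constructed sample file; "example.cipher" is a hypothetical property name.
SAMPLE = """# constructed sample, not taken from a real install
crypto.provider=com.kana.connect.common.lib.crypto.OldConnectCryptoProvider
example.cipher = AES
"""

def parse_properties(text):
    """Return (key, value) pairs in file order, keeping duplicate keys."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        m = re.match(r"^([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            pairs.append((m.group(1), m.group(2).strip()))
    return pairs

def audit(text):
    """Return a list of findings for the text of a crypto.properties file."""
    pairs = parse_properties(text)
    providers = [v for k, v in pairs if k == "crypto.provider"]
    findings = []
    if not providers:
        findings.append("crypto.provider is not set")
    elif len(providers) > 1:
        findings.append("crypto.provider is defined %d times" % len(providers))
    if DEFAULT_PROVIDER in providers:
        # With the Default provider, every other property has no effect.
        ignored = [k for k, _ in pairs if k != "crypto.provider"]
        if ignored:
            findings.append("Default provider in use; these properties are ignored: "
                            + ", ".join(ignored))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARNING:", finding)
```

To check a real installation, read crypto.properties from the Connect install directory and pass its contents to audit().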