What does the sample do?
This sample illustrates the implementation of a custom transformation for all JPPF network traffic.
The network data is encrypted using a DES cipher with a 56-bit symmetric secret key.
The initial secret key is kept in a keystore that is included in the resulting jar file deployed to the nodes, servers and clients.
This key is not used to actually encrypt or decrypt the data. Instead, it is used to encrypt a new secret key that is generated for each new block of data to encrypt.
This means that each block of data (i.e. a task or data provider) is encrypted with a different key. The resulting block structure is thus as follows:
- length of the new key
- content of the new key (encrypted with the initial key)
- actual data (encrypted with the new key)
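The block structure listed above, written out as an added example (this is not the code of SecureKeyCipherTransform.java). The class name EnvelopeSketch, the wrap/unwrap method names, the 1024-byte sanity bound and the generated key that stands in for the keystore key are all assumptions made for the illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;
import java.io.*;
import java.util.Arrays;

public class EnvelopeSketch {
    // "DES" follows the sample's description; with the default SunJCE provider it resolves to DES/ECB/PKCS5Padding.
    static final String ALGO = "DES";

    // Writes: [int key length][per-block key encrypted with initial key][data encrypted with per-block key]
    static void wrap(SecretKey initialKey, InputStream in, OutputStream out) throws Exception {
        SecretKey blockKey = KeyGenerator.getInstance(ALGO).generateKey(); // fresh key for this block
        Cipher keyCipher = Cipher.getInstance(ALGO);
        keyCipher.init(Cipher.ENCRYPT_MODE, initialKey);
        byte[] encKey = keyCipher.doFinal(blockKey.getEncoded());
        DataOutputStream dos = new DataOutputStream(out);
        dos.writeInt(encKey.length);
        dos.write(encKey);
        Cipher dataCipher = Cipher.getInstance(ALGO);
        dataCipher.init(Cipher.ENCRYPT_MODE, blockKey);
        dos.write(dataCipher.doFinal(in.readAllBytes()));
        dos.flush();
    }

    // Reads the same three fields back and recovers the plaintext.
    static void unwrap(SecretKey initialKey, InputStream in, OutputStream out) throws Exception {
        DataInputStream dis = new DataInputStream(in);
        int len = dis.readInt();
        // Reject a corrupt or hostile length field before allocating a buffer for it.
        if (len <= 0 || len > 1024) throw new IOException("implausible key length: " + len);
        byte[] encKey = new byte[len];
        dis.readFully(encKey);
        Cipher keyCipher = Cipher.getInstance(ALGO);
        keyCipher.init(Cipher.DECRYPT_MODE, initialKey);
        SecretKey blockKey = new SecretKeySpec(keyCipher.doFinal(encKey), ALGO);
        Cipher dataCipher = Cipher.getInstance(ALGO);
        dataCipher.init(Cipher.DECRYPT_MODE, blockKey);
        out.write(dataCipher.doFinal(dis.readAllBytes()));
    }

    public static void main(String[] args) throws Exception {
        SecretKey initial = KeyGenerator.getInstance(ALGO).generateKey(); // stands in for the keystore key
        byte[] plain = "constructed sample task payload".getBytes("UTF-8");
        ByteArrayOutputStream wire = new ByteArrayOutputStream();
        wrap(initial, new ByteArrayInputStream(plain), wire);
        ByteArrayOutputStream back = new ByteArrayOutputStream();
        unwrap(initial, new ByteArrayInputStream(wire.toByteArray()), back);
        System.out.println("round trip ok: " + Arrays.equals(plain, back.toByteArray()));
    }
}
```

The format carries no integrity check, so a modified block is only detected if decryption happens to fail on padding. It requires Java 9 or later for readAllBytes.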
There remains, however, one vulnerability: we still need the keystore password to be stored somewhere, so that we can use the keystore.
To avoid storing this password in clear text, we obfuscate it by using a Base64 encoding, thanks to the excellent iHarder.net public domain Base64 library. Base64 is a reversible encoding, so this hides the password from casual inspection only.
The obfuscated password is then stored in a file, which is also included in the jar file to deploy.
Related source files
- SecureKeyCipherTransform.java : the data transformer that performs the encryption and decryption
- Helper.java : a set of utility methods to generate and retrieve passwords and secret keys, create and manipulate a keystore, and provide the encryption parameters
How do I use it?
First you need to build the sample jar file. To do this, perform the following steps:
- open a command prompt in JPPF-x.y.z-samples-pack/DataEncryption
- open the file "build.xml" with a text editor, and set the value of the "password" property to the password you want to use for the keystore (it will not be included with the deployed jar file)
- save the file you just edited and build the sample: type "ant jar"; this will create a file named DataEncryption.jar
The next step is to deploy the jar file to every component of the JPPF grid, including servers, nodes, and client applications, and to hook it to the JPPF component:
- Add the jar file to the class path of each component: In the case of a server or node, it is simply a matter of dropping it into the "/lib" folder of the component's root installation path.
For client applications, you may have to edit the script that launches the application to add the jar to the class path.
- Edit the JPPF configuration file of each component and add the following property:
jppf.data.transform.class = org.jppf.example.dataencryption.SecureKeyCipherTransform
Once this is done, you can restart the servers, nodes and clients, and any data sent over the network will be automatically encrypted and secure.
What features of JPPF are demonstrated?
Custom transformation and encryption of the JPPF network traffic, allowing you to work securely with a JPPF grid.
For a detailed explanation, please refer to the related documentation: "Transforming and encrypting networked data".
I have additional questions and comments, where can I go?
If you need more insight into the code of this demo, you can consult the Java source files located in the DataEncryption/src folder.
In addition, there are 2 privileged places you can go to: