Class AESBlobProvider

  • All Implemented Interfaces:

    public class AESBlobProvider
    extends LocalBlobProvider

    A blob provider that encrypts binaries on the filesystem using AES.

    To encrypt a binary, an AES key is needed. This key can be retrieved from a keystore, or generated from a password using PBKDF2 (in which case each stored file contains a different salt for security reasons). The on-disk file format is described in AESBlobStore.EncryptingOutputStream.

    The blob provider configuration holds the keystore information to retrieve the AES key, or the password that is used to generate a per-file key using PBKDF2.

    For keystore use, the following properties are available:

    • keyStoreType: the keystore type, for instance JCEKS
    • keyStoreFile: the path to the keystore, if applicable
    • keyStorePassword: the keystore password
    • keyAlias: the alias (name) of the key in the keystore
    • keyPassword: the key password

    And for PBKDF2 use:

    • password: the password

    For backward compatibility, the properties can also be included in the <property name="key">prop1=value1,prop2=value2,...</property> of the blob provider configuration.
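
The two key sources described above, as an added Java example (not the provider's own code): one AES key loaded from a keystore using the five keystore properties, and a per-file key derived from a password with PBKDF2 and a fresh salt. The class and method names, the PBKDF2 parameters (HMAC-SHA1, 10000 iterations, 128-bit key, 16-byte salt) and the keystore and passwords built in `main` are assumptions made for the demonstration.

```java
import java.io.*;
import java.nio.file.*;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class AesKeySourcesDemo {
    // Keystore mode: one AES key, located by the five keystore properties.
    static SecretKey fromKeyStore(String keyStoreType, Path keyStoreFile, char[] keyStorePassword,
            String keyAlias, char[] keyPassword) throws Exception {
        KeyStore ks = KeyStore.getInstance(keyStoreType);
        try (InputStream in = Files.newInputStream(keyStoreFile)) {
            ks.load(in, keyStorePassword);
        }
        return (SecretKey) ks.getKey(keyAlias, keyPassword);
    }

    // Password mode: the salt is drawn fresh for each file, so each file gets its own key.
    // Assumed parameters (not taken from the page): HMAC-SHA1, 10000 iterations, 128-bit key.
    static SecretKey fromPassword(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 10_000, 128);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    public static void main(String[] args) throws Exception {
        // Constructed keystore, alias and passwords, for demonstration only.
        char[] storePw = "store-pw".toCharArray(), keyPw = "key-pw".toCharArray();
        Path file = Files.createTempFile("demo", ".jceks");
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        ks.setKeyEntry("demo-aes", kg.generateKey(), keyPw, null);
        try (OutputStream out = Files.newOutputStream(file)) { ks.store(out, storePw); }
        SecretKey k = fromKeyStore("JCEKS", file, storePw, "demo-aes", keyPw);
        System.out.println("keystore key: " + k.getAlgorithm() + ", " + k.getEncoded().length * 8 + " bits");
        Files.delete(file);

        byte[] salt1 = new byte[16], salt2 = new byte[16];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(salt1);
        rnd.nextBytes(salt2);
        char[] pw = "demo-password".toCharArray();
        byte[] k1 = fromPassword(pw, salt1).getEncoded(), k2 = fromPassword(pw, salt2).getEncoded();
        System.out.println("password: two files share a key = " + Arrays.equals(k1, k2));
        System.out.println("password: stored salt re-derives key = " + Arrays.equals(k1, fromPassword(pw, salt1).getEncoded()));
    }
}
```

In keystore mode every file is protected by the same key, so the keystore file and its two passwords are the secrets to guard; in password mode the salt stored with each file is not secret, and the password alone protects every file.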