Class AESBinaryManager

  • All Implemented Interfaces:

    public class AESBinaryManager
    extends LocalBinaryManager

    A binary manager that encrypts binaries on the filesystem using AES.

    The configuration holds either the keystore information needed to retrieve the AES key, or the password from which a per-file key is generated using PBKDF2. It is read from the <property name="key">...</property> element of the binary manager configuration.

    The configuration has the form key1=value1,key2=value2,... where the possible keys are, for keystore use:

    • keyStoreType: the keystore type, for instance JCEKS
    • keyStoreFile: the path to the keystore, if applicable
    • keyStorePassword: the keystore password
    • keyAlias: the alias (name) of the key in the keystore
    • keyPassword: the key password

    And for PBKDF2 use:

    • password: the password

    To encrypt a binary, an AES key is needed. This key can be retrieved from a keystore, or generated from a password using PBKDF2 (in which case each stored file contains a different salt for security reasons). The file format is described in storeAndDigest(InputStream, OutputStream).
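The password mode described above, as an added example that is not Nuxeo's own code: it parses a `key1=value1,...` configuration string, draws a fresh random salt per file, and shows that the same password yields a different AES key for each file while the stored salt lets the key be re-derived for decryption. The class name, the PBKDF2 variant, iteration count, key size and salt length are assumptions chosen for illustration; the page does not state the values `AESBinaryManager` uses.

```java
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class PerFileKeyExample {
    // Assumed parameters for illustration; not taken from the AESBinaryManager source.
    static final String KDF = "PBKDF2WithHmacSHA256";
    static final int ITERATIONS = 10000, KEY_BITS = 128, SALT_BYTES = 16;

    // Parse "key1=value1,key2=value2,..."; this simple parser assumes values contain no commas.
    static Map<String, String> parseConfig(String config) {
        Map<String, String> map = new HashMap<>();
        for (String pair : config.split(",")) {
            String[] kv = pair.split("=", 2); // limit 2 keeps any '=' inside the value
            if (kv.length != 2 || kv[0].trim().isEmpty()) {
                throw new IllegalArgumentException("Malformed entry: expected key=value");
            }
            map.put(kv[0].trim(), kv[1]);
        }
        return map;
    }

    // Derive an AES key from the password and one file's salt.
    static SecretKeySpec deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            byte[] raw = SecretKeyFactory.getInstance(KDF).generateSecret(spec).getEncoded();
            return new SecretKeySpec(raw, "AES");
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = parseConfig("password=constructed-sample-password").get("password").toCharArray();
        byte[] saltA = newSalt(), saltB = newSalt(); // one salt per stored file
        byte[] keyA = deriveKey(pw, saltA).getEncoded();
        System.out.println("different files, different keys: " + !Arrays.equals(keyA, deriveKey(pw, saltB).getEncoded()));
        System.out.println("same salt re-derives the key:    " + Arrays.equals(keyA, deriveKey(pw, saltA).getEncoded()));
    }
}
```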

    While the binary is being used by the application, a temporarily decrypted file is held in a temporary directory. It is removed as soon as possible.