Cipher Text

There are needs of wanting to encrypt and to manage individual information and the sensitive information safely. The encryption function is supported in Slim3, and supported encryption algorithm and field type are as follows:
  • Algorithm: AES (Advanced Encryption Standard)
  • Block cipher mode: CBC (Cipher Block Chaining)
  • Cipher key: 128bit (not supported 192 bit and 256bit)
  • Field type: java.lang.String, com.google.appengine.api.datastore.Text
The steps to encrypt the data of Bigtable is easy and is as follows:
  1. The field uses the annotation @Attribute(cipher = true).
  2. The cipher key is set to the Slim3 Datastore.
  3. Operation that uses Slim3 Datastore.
Example of defining Model as follows:
@Attribute(cipher=true)
private String myString;

@Attribute(cipher=true, lob=true)
private String myLobString;

@Attribute(cipher=true)
private Text myText;

Example of setting cipher key as follows:
Datastore.setLimitedCipherKey("hogehogehogehoge");

Datastore.setGlobalCipherKey("hogehogehogehoge");

The cipher key set with setLimitedCipherKey is maintained on ThreadLocal and used for the encryption and the decryption by a current thread. FrontController clears the cipher key on a current thread, and calls each controller afterwards. This method assumes the case where a cipher key different by each Controller is used. The cipher key set with setGlobalCipherKey is maintained in the static area, and used by all threads. FrontController doesn't clear the value set with setGlobalCipherKey. This method assumes the case where the cipher key is used by fixation in the system. LimitedCipherKey is prior to globalCipherKey. Moreover, when the value is both unset, the exception is thrown out. Please set 128bit (16 characters) to the cipher key. It becomes the specification of AES.

You can set the globalCipherKey's value in appengine-web.xml as follows:
<system-properties>
    <property name="slim3.cipherGlobalKey" value="hogehogehogehoge"/>
</system-properties>


The encryption and the decryption are executed automatically. All in-memory filters and sorts are supported to the encryption field. The query(non in-memory) filters which are supported to the encryption field are limited. Those are as follows:
  • EqualCriterion
  • IsNotNullCriterion
  • NotEqualCriterion
The query(non in-memory) sorts are not supported to the encryption field.

Next...



Comments