Versions Compared

Old Version 23

changes.mady.by.user Dirk Fernholz

Saved on

compared with

New Version 24

changes.mady.by.user Dirk Fernholz

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

There are no special requirements for using the encryption service. Only configuration of the service is necessary. The service can be configured individually for repositories. When encryption is enabled, documents that are already unencrypted can no longer be found in this repository. Only one included encryption algorithm is currently supported: AES/GCM/NoPadding

...

Configuration

The encryption service is addressed via the repository (here using the CE repository as an example).

CE.encryptionservice.type=aes_gcm
CE.encryptionservice.aes_gcm.secret=<please use a key for encryption>

It makes sense that the secret is stored as an alias in the keystore, which points to a password in the KeystoreService https://kgs-software.atlassian.net/wiki/spaces/DOCUEN/pages/1671659521/Encryption+Service#Einrichten-des-Keystores. If no keystore is used, the secret must be entered here in plain text.

Caution: Changing the secret is currently not possible, but can be implemented if necessary.

During encryption, a random vector is initially generated, which ensures that the same content is encrypted differently. This vector is placed in front of the encrypted data stream because it is needed again for decryption. Depending on the process, the size of the original file increases by up to 32 bytes, i.e. a different content length appears on the storage system.

Einrichten des Keystores

Für das Speichern der Secrets sollte in Autodigit der Keystore-Service eingerichtet sein (im Beispiel für das Repository CESetting up the keystore

The keystore service should be set up to store the secrets (in the example for the CE repository):

CE.keystoreservice.type = pkcs12
CE.keystoreservice.pkcs12.name = ce-ks.p12
CE.keystoreservice.pkcs12.path = C:/autodigit/config/CE
Das Anlegen des Keystores kann durch unterschiedliche Methoden erfolgen:
- mit der tia core- Sap-HTTP Schnittstelle (ContentServer) wird dieser automatisch erzeugt (für die Ablage der Zertifikate mit
The keystore can be created in different ways:

  • Automatically with tia core Sap HTTP (ContentServer) (when storing certificates with keystore type pkcs12_storage)

...

  • Manually using a tool from kgs (autodigit-create-keystore.jar)

...

...

Filter by label (Content by label)
showLabelsfalse
max5
spacescom.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@28a7b0
showSpacefalse
sortmodified
typepage
reversetrue
labelskb-how-to-article
cqllabel = "kb-how-to-article" and type = "page" and space = "WIKI"

...