...
The encryption service is addressed via the repository (here using the CE repository as an example).
| Code Block |
|---|
CE.encryptionservice.type=aes_gcm |
...
CE.encryptionservice.aes_gcm.secret=<please use a key for encryption> |
It makes sense that the secret is stored as an alias in the keystore, which points to a password in the KeystoreService. If no keystore is used, the secret must be entered here in plain text.
| Note |
|---|
Caution: Changing the secret is currently not possible, but can be implemented if necessary. |
During encryption, a random vector is initially generated, which ensures that the same content is encrypted differently. This vector is placed in front of the encrypted data stream because it is needed again for decryption. Depending on the process, the size of the original file increases by up to 32 bytes, i.e. a different content length appears on the storage system.
...