Binary Encryption Issue

Rahul_Mittal
Champ in-the-making

I have added the lines below in nuxeo.conf:

nuxeo.core.binarymanager=org.nuxeo.ecm.core.blob.binary.AESBinaryManager
nuxeo.core.binarymanager_key=password=mypassword

I already had some files in the binaries folder which were in plain format (not encrypted). So I tried to create a document with encryption, and I am getting an Invalid Type (Bad Magic) exception. It is because the MD5 which is generated with the encryption technique is already available in plain format (without encryption) in the binary folder.

And it is giving an issue in the line below:

protected void decrypt(InputStream in, OutputStream out) throws IOException {
	byte[] magic = new byte[FILE_MAGIC.length];
	IOUtils.read(in, magic);
	if (!Arrays.equals(magic, FILE_MAGIC)) {
		throw new IOException("Invalid file (bad magic)");
	}
	// ... (the rest of the method is not shown in the post)
}

Resolution on my end:

I have deleted the content of the binary/data folder, deleted the folder structure from the Web UI (ex: XXX/workspaces/YYY) and created a doc with encryption; it is working fine.

PROBLEM:

So I want to know whether there is any possibility that we can bring AES encryption on demand, so it will not hamper already generated files in plain format. If I want to remove encryption, I can remove it. And is there any possibility that I can apply encryption on a tenant-specific basis?

1 ACCEPTED ANSWER

Rodri_
Star Contributor

Hello,

adding the two lines to nuxeo.conf is the generic way to implement binary encryption, but it is the least flexible, since encryption is applied to all binaries without exception. This causes problems if there are already "plain" binaries, or if you don't want to encrypt all future binaries.

In this case, you will need to define BlobDispatchers and BlobProviders. I recommend that you read the following: https://doc.nuxeo.com/nxdoc/file-storage/

When you do something with a document (like creating it or downloading it), the BlobManager will decide what to do. The BlobManager will evaluate the conditions over all the BlobDispatchers, and it will select the desired BlobProvider. For example, you can use a custom property to encrypt binaries:

<extension target="org.nuxeo.ecm.core.blob.DocumentBlobManager" point="configuration">
	<blobdispatcher>
		<class>org.nuxeo.ecm.core.blob.DefaultBlobDispatcher</class>
		<property name="custom:encrypted=true">encrypted</property>
		<property name="default">default</property>
	</blobdispatcher>
</extension>

In the "name" inside the "property" tag you put the condition that must be true in order to use that BlobProvider. Remember not to forget the "default" BlobDispatcher pointing to the "default" BlobProvider! And then just define the BlobProvider:

<extension target="org.nuxeo.ecm.core.blob.BlobManager" point="configuration">
	<blobprovider name="encrypted">
		<class>org.nuxeo.ecm.core.blob.binary.AESBinaryManager</class>
		<property name="key">password=secret</property>
	</blobprovider>
</extension>

I hope it helps!

Regards.
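
A pre-flight check for the "bad magic" failure described in the question, as an added example that is not part of the original thread or of Nuxeo's code: it walks a binary store and separates files that start with the AES magic header from plain blobs, so a mixed store is found before it is read through AESBinaryManager. The magic value `NUXEOCRYPT`, the function names and the sample directory layout are assumptions; check the constant against `FILE_MAGIC` in your Nuxeo version.

```python
import hashlib
import os
import tempfile

# Assumption: the value of AESBinaryManager.FILE_MAGIC; confirm it in your Nuxeo version.
ASSUMED_FILE_MAGIC = b"NUXEOCRYPT"


def classify_blob(path, magic=ASSUMED_FILE_MAGIC):
    """Return 'encrypted', 'plain' or 'unknown' for one file in binaries/data."""
    md5 = hashlib.md5()  # content-addressing digest of the store, not a security control
    with open(path, "rb") as fh:
        head = fh.read(len(magic))
        if head == magic:
            return "encrypted"  # would pass the magic check in decrypt()
        md5.update(head)
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
    # A plain blob is stored under the MD5 of its own bytes; anything else is unexplained.
    return "plain" if md5.hexdigest() == os.path.basename(path) else "unknown"


def audit_store(data_dir, magic=ASSUMED_FILE_MAGIC):
    """Walk the store and group relative paths by classification."""
    report = {"encrypted": [], "plain": [], "unknown": []}
    for root, _dirs, files in os.walk(data_dir):
        for name in files:
            path = os.path.join(root, name)
            report[classify_blob(path, magic)].append(os.path.relpath(path, data_dir))
    return report


def build_sample_store(base):
    """Constructed sample data: one plain blob, one with the magic header, one stray file."""
    def put(name, content):
        folder = os.path.join(base, name[:2], name[2:4])
        os.makedirs(folder, exist_ok=True)
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(content)
    plain = b"constructed plain document"
    put(hashlib.md5(plain).hexdigest(), plain)
    put(hashlib.md5(b"constructed secret").hexdigest(), ASSUMED_FILE_MAGIC + b"\x01" + os.urandom(32))
    put("zz-not-a-digest", b"stray file")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, paths in audit_store(build_sample_store(tmp)).items():
            print(f"{kind}: {len(paths)} {paths}")
```

Any path reported as `plain` would raise the "Invalid file (bad magic)" exception if it were read through an AES-only provider, which is the case the dispatcher rules above avoid.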


9 REPLIES

Rodri_
Star Contributor

You have to keep in mind that, with the code above, you are saying that only documents with the property "dc

Rahul_Mittal
Champ in-the-making

Hi Rodri ,

Rodri_
Star Contributor

Hello.

Rahul_Mittal
Champ in-the-making

Hi Rodri,

Hi [Rodri ](https

Florent_Guillau
World-Class Innovator

It seems there's some confusion in these comments about Repository vs Blob Provider. A Repository is the top-level entity in which documents (and their metadata) are stored. A Blob Provider is an entity that knows how to store and retrieve blobs. By default there is one Blob Provider per Repository, but using a Blob Dispatcher you can associate rules to a Repository to dispatch blobs to one of several Blob Providers. See https
