Encryption
Odilon does not encrypt objects by default.
In order to store data encrypted you have to initialize the encryption service. The initialization process must be run only once, before starting using encryption:
Shutdown Odilon and execute the script:
Linux
./bin/enable-encryption.sh
Windows
.\bin\enable-encryption.bat
Odilon will generate two AES keys: encryption key and master Key.
enable-encryption.bat screenshot (Windows)
Encryption Key
The encrytion key is a String of 56 characters that must be added to the 'odilon.properties' file in variable 'encryption.key'.
Example:
encryption.key = 317da5604b9bedeeac0602e1165a9ddfff5aaa534adb9f31f0967c77
Master Key
The master key is String of 32 characters, it is used internally and secret, it is NOT required in 'odilon.properties' or anywhere else. However it may be required to restore the system in case some critical system files are accidental or intentionally deleted in the future, therefore it is recommended that you store it securely. (example 'Master Key -> 6a6cb6f8776f9fb61684dbd5cbe16e81')
odilon.properties
The next step is to edit the file odilon.properties:
# The encryption key is provided by Odilon when initializing the encryption service using the
# enable-encryption.sh (Linux) or enable-encryption.bat (Windows) script.
encryption.enabled = true
encryption.key = 317da5604b9bedeeac0602e1165a9ddfff5aaa534adb9f31f0967c77
and start Odilon normally.
The server will print Encryption enabled -> true on startup.
Regenerate encryption key
In case the encryption key is compromised or lost it is possible to generate a new encryption key.
To generate a new encryption key You will need the server's master key, just execute the script (in ./bin directory):
Windows
rekey-encryption.bat -m masterkey
Linux
./rekey-encryption.sh -m masterkey
Example (Windows):
.\rekey-encryption.bat -m 663480aab0a93a1459d91a649cf12408
The script will generate a new encryption.key that has to be added into the odilon.properties file, replacing the old encryption.key.