Encryption

Odilon does not encrypt objects by default. To store data encrypted, you have to initialize the encryption service.
The initialization process must be run only once, before you start using encryption. Objects uploaded before the encryption service was initialized will remain accessible as usual, but they will stay unencrypted.

Shut down Odilon and execute the script:

Linux
./bin/enable-encryption.sh

Windows
.\bin\enable-encryption.bat

Odilon will generate two AES keys: the encryption key and the master key.

Encryption Key

The encryption key is a String that must be added to the 'odilon.properties' file in the variable 'encryption.key'.

Example:
encryption.key = ff67a066008a498fff6335bb1187a4d64db04c8c661caa38b1e1ae8d93c0915c796d5165c06f439b76ba20d3

Master Key

The master key is used internally and is secret; it is not required in 'odilon.properties' or anywhere else. However, it may be required to restore the system if critical system files are accidentally or intentionally deleted in the future, so it is recommended that you store it securely (example: 'Master Key -> 6a6cb6f8776f9fb61684dbd5cbe16e81').

odilon.properties

The next step is to edit the file odilon.properties:

# The encryption key is provided by Odilon when initializing the encryption service using the 
# enable-encryption.sh (Linux) or enable-encryption.bat (Windows) script.
encryption.enabled = true
encryption.key = ff67a066008a498fff6335bb1187a4d64db04c8c661caa38b1e1ae8d93c0915c796d5165c06f439b76ba20d3

and start Odilon normally.

The server will print Encryption enabled -> true on startup.
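
A pre-start check for the steps above, as an added example that is not part of Odilon or its documentation: it confirms that odilon.properties sets encryption.enabled = true and a non-empty encryption.key, and that the file holding the key is private to its owner. The function names, the hex-format check (based on the example key above) and the file-permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of Odilon): pre-start check of odilon.properties.

# Print the trimmed value of property $2 in file $1 (last occurrence wins).
prop_value() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }                 # skip comment lines
        {
            i = index($0, "="); if (i == 0) next
            name = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t\r]+|[ \t\r]+$/, "", name)
            gsub(/^[ \t\r]+|[ \t\r]+$/, "", val)
            if (name == k) found = val
        }
        END { print found }' "$1"
}

# Return 0 only if encryption is enabled, a key is set, and the file is private.
# The key itself is never printed.
check_odilon_encryption() {
    file=$1; rc=0
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 2; }
    enabled=$(prop_value "$file" encryption.enabled)
    key=$(prop_value "$file" encryption.key)
    if [ "$enabled" != "true" ]; then
        echo "FAIL: encryption.enabled is '${enabled:-unset}'"; rc=1
    fi
    if [ -z "$key" ]; then
        echo "FAIL: encryption.key is missing or empty"; rc=1
    # Assumption: the key is hexadecimal, as in the example on this page.
    elif ! printf '%s' "$key" | grep -Eq '^[0-9a-fA-F]+$'; then
        echo "FAIL: encryption.key is not hex (mangled or partial paste?)"; rc=1
    fi
    # Added hardening check: the key is a secret, so the file holding it
    # should not be accessible to group or others (GNU stat, then BSD stat).
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$mode" in
        *00) ;;
        *) echo "FAIL: $file has mode $mode, accessible beyond its owner"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: encryption settings are complete in $file"
    return "$rc"
}

# Usage: sh check.sh /path/to/odilon.properties
[ $# -eq 0 ] || check_odilon_encryption "$1"
```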

Regenerate encryption key

If the encryption key is compromised or lost, it is possible to generate a new encryption key.
To generate a new encryption key you will need the server's master key; just execute the script (in the ./bin directory):

Windows
rekey-encryption.bat -m masterkey

Linux
./rekey-encryption.sh -m masterkey

Example (Windows):

.\rekey-encryption.bat -m 946529d6c7cce1a37af1c48e780dbaf11f3d9be7aaee52d09de8c0ac42a0dac5

The script will generate a new encryption.key that has to be added into the odilon.properties file, replacing the old encryption.key.

IMPORTANT

If you lose the master key you will not be able to generate a new encryption key.