Canvas encrypts and decrypts the data transferred between the client and the server to safeguard it. Canvas uses symmetric-key cryptography, in which the same key is used to encrypt and decrypt messages. The secret key is established between the client and the server using the Diffie-Hellman key exchange mechanism, after which the actual encryption takes place with this secret key using the AES-GCM encryption algorithm.
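The Diffie-Hellman exchange followed by AES-GCM described above, shown with both sides in one Node.js process. This is an added example, not Canvas code: the function names, the `modp14` group, HKDF-SHA-256 key derivation, the 12-byte random nonce and the use of the servlet path as associated data are all assumptions made for illustration.

```javascript
// Added example (not Canvas code): Diffie-Hellman handshake, then AES-GCM.
// Assumed, not taken from the Canvas docs: RFC 3526 group "modp14",
// HKDF-SHA-256, a random 12-byte nonce per message, URL path bound as AAD.
const crypto = require('crypto');

// Each side creates an ephemeral key pair and sends only the public value.
function newParty() {
  const dh = crypto.getDiffieHellman('modp14');
  return { dh, publicValue: dh.generateKeys() };
}

// Both sides derive the same 256-bit AES key from the shared DH secret.
function deriveKey(party, peerPublicValue) {
  const shared = party.dh.computeSecret(peerPublicValue);
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'example-session', 32));
}

function encrypt(key, plaintext, aad) {
  const nonce = crypto.randomBytes(12); // never reuse a nonce with the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(aad));
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { nonce, body, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when the GCM tag check fails.
function decrypt(key, msg, aad) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, msg.nonce);
  decipher.setAAD(Buffer.from(aad));
  decipher.setAuthTag(msg.tag);
  try {
    return Buffer.concat([decipher.update(msg.body), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // modified ciphertext, wrong key or wrong associated data
  }
}

// Constructed sample exchange: one request, one tampered copy, one replay to another path.
function demo() {
  const client = newParty(), server = newParty();
  const clientKey = deriveKey(client, server.publicValue);
  const serverKey = deriveKey(server, client.publicValue);
  const aad = '/WidgetControllerServlet';
  const msg = encrypt(clientKey, '{"action":"logout"}', aad);
  const tampered = { ...msg, body: Buffer.from(msg.body) };
  tampered.body[0] ^= 0x01; // flip one ciphertext bit
  return { keysMatch: clientKey.equals(serverKey), received: decrypt(serverKey, msg, aad),
    tamperedResult: decrypt(serverKey, tampered, aad), wrongPath: decrypt(serverKey, msg, '/OtherServlet') };
}
```

A plain Diffie-Hellman exchange does not authenticate the peer, so the handshake itself still relies on TLS to rule out an active intermediary.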
Note: When you enable encryption, Canvas will encrypt all requests coming to your application, including log out.
To enable encryption, perform the following steps:
Step 1: In the systempreferences.properties (as defined in the Configuration of Default Descriptor) file, set ENCRYPT_SERVER_CALLS = Y.
Step 2: In the web.xml, add the following filters that will encrypt and decrypt data shared between server and client.
```xml
<filter>
    <filter-name>CanvasEncryptionFilter</filter-name>
    <filter-class>com.intellectdesign.canvas.servercomm.encryption.filters.CanvasEncryptionFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CanvasEncryptionFilter</filter-name>
    <url-pattern>/WidgetControllerServlet</url-pattern>
</filter-mapping>
<filter>
    <filter-name>EncryptionResponseFilter</filter-name>
    <filter-class>com.intellectdesign.canvas.servercomm.encryption.filters.EncryptionResponseFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>EncryptionResponseFilter</filter-name>
    <url-pattern>/WidgetControllerServlet</url-pattern>
</filter-mapping>
```
Step 3: In the web.xml, add the following servlets, which translate cipher text to plain text and plain text to cipher text during data transformation between server and client.
```xml
<servlet>
    <servlet-name>GetPublicKey</servlet-name>
    <servlet-class>com.intellectdesign.canvas.servercomm.encryption.servlets.GetPublicKey</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>GetPublicKey</servlet-name>
    <url-pattern>/GetPublicKey</url-pattern>
</servlet-mapping>
<servlet>
    <servlet-name>HandShakeServlet</servlet-name>
    <servlet-class>com.intellectdesign.canvas.servercomm.encryption.servlets.HandShakeServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>HandShakeServlet</servlet-name>
    <url-pattern>/HandShakeServlet</url-pattern>
</servlet-mapping>
```
...