Canvas comes with secure Encryption and Decryption of data transferred between the client and the server to protect and to safeguard the data transferred. Canvas uses Symmetric-key cryptography, a class of cryptographic algorithms in which the same key is used to encrypt and decrypt messages. The secret key is decrypted by means of the shared public key using Diffie-Hellman Key Exchange algorithm and AES-GCM for encryption .
When you enable encryption, Canvas will encrypt all requests coming to your application including log out.
To enable encryption, perform the following steps:
Step 1: In systempreferences.properties (as defined in the Configuration of Default Descriptor) file, set ENCRYPT_SERVER_CALLS = Y.
Step 2: In web.xml, add the following filters that will encrypt and decrypt data shared between server and client.
<filter>
<filter-name>CanvasEncryptionFilter</filter-name>
<filter-class>
com.intellectdesign.canvas.servercomm.encryption.filters.CanvasEncryptionFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>CanvasEncryptionFilter</filter-name>
<url-pattern>/WidgetControllerServlet</url-pattern>
</filter-mapping>
Step 3: In the web.xml, add the following servlet that will translate the cipher text to plain and plain text to cipher text during data transformation between server and client.
<servlet> <servlet-name>GetPublicKey</servlet-name> <servlet-class> com.intellectdesign.canvas.servercomm.encryption.servlets.GetPublicKey </servlet-class> </servlet> <servlet-mapping> <servlet-name>GetPublicKey</servlet-name> <url-pattern>/GetPublicKey</url-pattern> </servlet-mapping> <servlet> <servlet-name>HandShakeServlet</servlet-name> <servlet-class> com.intellectdesign.canvas.servercomm.encryption.servlets.HandShakeServlet </servlet-class> </servlet> <servlet-mapping> <servlet-name>HandShakeServlet</servlet-name> <url-pattern>/HandShakeServlet</url-pattern> </servlet-mapping>