Encryption and Decryption Support
Canvas can encrypt and decrypt the data transferred between the client and the server to protect it in transit. Canvas uses symmetric-key cryptography, a class of cryptographic algorithms in which the same key is used to encrypt and decrypt messages. The client and the server establish the secret key using the Diffie-Hellman key exchange mechanism, after which the actual encryption takes place with this secret key using the AES-GCM encryption algorithm.
When you enable encryption, Canvas encrypts all requests coming to your application, including log out.
To enable encryption, perform the following steps:
Step 1: In the systempreferences.properties file (as defined in the Configuration of Default Descriptor), set ENCRYPT_SERVER_CALLS = Y.
Step 2: In web.xml, add the following filter and filter mapping, which encrypt and decrypt data shared between server and client.
<filter>
    <filter-name>CanvasEncryptionFilter</filter-name>
    <filter-class>com.intellectdesign.canvas.servercomm.encryption.filters.CanvasEncryptionFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CanvasEncryptionFilter</filter-name>
    <url-pattern>/WidgetControllerServlet</url-pattern>
</filter-mapping>
Step 3: In web.xml, add the following servlets, which translate cipher text to plain text and plain text to cipher text during data transformation between server and client.
<servlet>
    <servlet-name>GetPublicKey</servlet-name>
    <servlet-class>com.intellectdesign.canvas.servercomm.encryption.servlets.GetPublicKey</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>GetPublicKey</servlet-name>
    <url-pattern>/GetPublicKey</url-pattern>
</servlet-mapping>
<servlet>
    <servlet-name>HandShakeServlet</servlet-name>
    <servlet-class>com.intellectdesign.canvas.servercomm.encryption.servlets.HandShakeServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>HandShakeServlet</servlet-name>
    <url-pattern>/HandShakeServlet</url-pattern>
</servlet-mapping>
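A deployment check for the three steps above, as an added example that is not part of Canvas: it reports which of the property, the filter and the two servlets is missing or mapped to a different URL. It assumes the properties file uses simple `key = value` lines and that both files are passed in as text; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

PKG = "com.intellectdesign.canvas.servercomm.encryption."
# (kind, name, class, url-pattern) exactly as given in Steps 2 and 3.
REQUIRED = [
    ("filter", "CanvasEncryptionFilter", PKG + "filters.CanvasEncryptionFilter", "/WidgetControllerServlet"),
    ("servlet", "GetPublicKey", PKG + "servlets.GetPublicKey", "/GetPublicKey"),
    ("servlet", "HandShakeServlet", PKG + "servlets.HandShakeServlet", "/HandShakeServlet"),
]

def local(tag):
    """Drop an XML namespace prefix such as {http://...}filter."""
    return tag.rsplit("}", 1)[-1]

def child_texts(elem, name):
    """Trimmed text of every direct child element called `name`."""
    return [(c.text or "").strip() for c in elem if local(c.tag) == name]

def check(properties_text, web_xml_text):
    """Return a list of problems; an empty list means all three steps are in place."""
    problems, props = [], {}
    for line in properties_text.splitlines():  # assumption: simple key=value lines
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    if props.get("ENCRYPT_SERVER_CALLS") != "Y":
        problems.append("ENCRYPT_SERVER_CALLS is not set to Y")
    classes, mappings = {}, {}
    for elem in ET.fromstring(web_xml_text):
        tag = local(elem.tag)
        if tag in ("filter", "servlet"):
            for name in child_texts(elem, tag + "-name"):
                classes[(tag, name)] = child_texts(elem, tag + "-class")
        elif tag in ("filter-mapping", "servlet-mapping"):
            kind = tag[: -len("-mapping")]
            for name in child_texts(elem, kind + "-name"):
                mappings.setdefault((kind, name), []).extend(child_texts(elem, "url-pattern"))
    for kind, name, cls, url in REQUIRED:
        if cls not in classes.get((kind, name), []):
            problems.append(f"{kind} {name}: not declared with class {cls}")
        if url not in mappings.get((kind, name), []):
            problems.append(f"{kind} {name}: not mapped to {url}")
    return problems

if __name__ == "__main__":
    # Constructed sample: flag enabled, but web.xml declares only the filter.
    sample_xml = ("<web-app><filter><filter-name>CanvasEncryptionFilter</filter-name>"
                  f"<filter-class> {PKG}filters.CanvasEncryptionFilter </filter-class></filter></web-app>")
    for problem in check("ENCRYPT_SERVER_CALLS = Y", sample_xml):
        print("MISSING:", problem)
```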