Canvas encrypts and decrypts the data transferred between the client and the server to protect it. Canvas uses symmetric-key cryptography, a class of cryptographic algorithms in which the same key is used to encrypt and decrypt messages. The client and server first establish the secret key using the Diffie-Hellman key exchange mechanism; the actual encryption then takes place with this secret key using the AES-GCM encryption algorithm.
When you enable encryption, Canvas encrypts all requests coming to your application, including log out.
To enable encryption, perform the following steps:
Step 1: In the systempreferences.properties file (as defined in the Configuration of Default Descriptor), set ENCRYPT_SERVER_CALLS = Y.
Step 2: In web.xml, add the following filter, which encrypts and decrypts data shared between server and client.
<filter>
    <filter-name>CanvasEncryptionFilter</filter-name>
    <filter-class>com.intellectdesign.canvas.servercomm.encryption.filters.CanvasEncryptionFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CanvasEncryptionFilter</filter-name>
    <url-pattern>/WidgetControllerServlet</url-pattern>
</filter-mapping>
Step 3: In web.xml, add the following servlets, which translate cipher text to plain text and plain text to cipher text during data transformation between server and client.
<servlet>
    <servlet-name>GetPublicKey</servlet-name>
    <servlet-class>com.intellectdesign.canvas.servercomm.encryption.servlets.GetPublicKey</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>GetPublicKey</servlet-name>
    <url-pattern>/GetPublicKey</url-pattern>
</servlet-mapping>
<servlet>
    <servlet-name>HandShakeServlet</servlet-name>
    <servlet-class>com.intellectdesign.canvas.servercomm.encryption.servlets.HandShakeServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>HandShakeServlet</servlet-name>
    <url-pattern>/HandShakeServlet</url-pattern>
</servlet-mapping>
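A deployment check for the three steps above, added here as an example (it is not Canvas code): it reads the properties file and web.xml as text and reports every step that is missing, such as the flag being set while the two servlets are not mapped. The function names and the sample input are constructed for illustration; the property name, class names and URL patterns are the ones listed in the steps.

```python
import xml.etree.ElementTree as ET

PKG = "com.intellectdesign.canvas.servercomm.encryption."
# name -> (element kind, class, url-pattern), taken from Steps 2 and 3
REQUIRED = {
    "CanvasEncryptionFilter": ("filter", PKG + "filters.CanvasEncryptionFilter", "/WidgetControllerServlet"),
    "GetPublicKey": ("servlet", PKG + "servlets.GetPublicKey", "/GetPublicKey"),
    "HandShakeServlet": ("servlet", PKG + "servlets.HandShakeServlet", "/HandShakeServlet"),
}

def _texts(parent, name):
    # Trimmed text of each direct child called `name`, ignoring any XML namespace
    return [(c.text or "").strip() for c in parent if c.tag.rsplit("}", 1)[-1] == name]

def _field(root, tag, name, field):
    # Values of `field` in every top-level <tag> whose <filter-name>/<servlet-name> is `name`
    key = tag.split("-")[0] + "-name"
    return [v for e in root if e.tag.rsplit("}", 1)[-1] == tag and name in _texts(e, key) for v in _texts(e, field)]

def encryption_flag(properties_text):
    """Return the last ENCRYPT_SERVER_CALLS value given as key=value, or None."""
    value = None
    for line in properties_text.splitlines():
        key, sep, val = line.partition("=")
        if sep and key.strip() == "ENCRYPT_SERVER_CALLS":  # a '#' comment line never matches
            value = val.strip()
    return value

def check(properties_text, web_xml_text):
    """Return a list of findings; an empty list means all three steps are in place."""
    findings = []
    if encryption_flag(properties_text) != "Y":
        findings.append("ENCRYPT_SERVER_CALLS is not set to Y")
    root = ET.fromstring(web_xml_text)  # intended for your own trusted config file
    for name, (kind, cls, url) in REQUIRED.items():
        if cls not in _field(root, kind, name, kind + "-class"):
            findings.append(f"{name}: <{kind}> declaration missing or wrong class")
        if url not in _field(root, kind + "-mapping", name, "url-pattern"):
            findings.append(f"{name}: no <{kind}-mapping> for {url}")
    return findings

# Constructed sample: Steps 1 and 2 done, Step 3 (the two servlets) skipped
SAMPLE_PROPS = "# constructed sample\nENCRYPT_SERVER_CALLS = Y\n"
SAMPLE_WEB_XML = f"""<web-app>
  <filter><filter-name>CanvasEncryptionFilter</filter-name><filter-class>{PKG}filters.CanvasEncryptionFilter</filter-class></filter>
  <filter-mapping><filter-name>CanvasEncryptionFilter</filter-name><url-pattern>/WidgetControllerServlet</url-pattern></filter-mapping>
</web-app>"""
if __name__ == "__main__":
    print("\n".join(check(SAMPLE_PROPS, SAMPLE_WEB_XML)))
```

Run against the constructed sample, it reports four findings, all for the GetPublicKey and HandShakeServlet entries from Step 3.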