7.11 External data

The data from the other systems is the external data relative to the current system, which is called for short as external data. In general, the external data needs the guaranty of the integrity or confidentiality. Data exchange between the trusted systems is the exchange of external data. The key distribution system estabilishes a trust relationship between systems, and the assigned key can be used to sign or encrypt the application data. Here an external data representation module is provided to complete such a task.

  • 7.11.1 Programming interface

    • limax.key.ed.Transformer

      Data conversion object encodes and decodes the external data.

      Constructor:

      • Transformer(KeyAllocator keyAllocator)

        Create the Transformer object based on Key allocator.

      • Transformer(Map<URI, byte[]> keyAllocator)

        The keyAllocator of Map object is regarded as a Key allocator, creating the Transformer object. Providing such a method can simply debugging, and also meets the application requirement in an extremely simple environment. The Map object here is not a copy but direct reference. So after creating Transformer object, it can modify the Map. In this case, it is recommended to use ConcurrentHashMap to avoid concurrency exception.

        In particular, the URI here allows that the external data of fragment configuration is set as timeout. For example, G0#10s, which promises that the external data 10s timeout of group G0 encoding is used, and the permitted units are s, m, h, respectively, seconds, minutes, hours. If there is no unit, the default is milliseconds. If the fragment does not exist or the parsing fails, the timeout is not detected. Fragment is not part of the group. A timeout was detected when decoding external data, throwing limax.key.KeyException with type ServerRekeyed.

      Member function:

      • ByteArrayCodecFunction getEncoder(URI uri, KeyProtector keyProtector, Compressor compressor)

        Obtain an encoding function object and use this object to perform the encoding operation. To encode the original data, first perform compression using the algorithm specified by the compressor, then assign the key using the group specified by uri, and finally encrypt or sign using the algorithm specified by keyProtector. Any exceptions during execution are converted to CodecException to throw.

      • ByteArrayCodecFunction getDecoder()

        Obtain a decoding function object and use this object to perform the decoding operation. The related information of uri, keyProtector, and compressor has been packaged in the encoding result during the encoding process, so no parameters are required to obtain the decoder. Any exceptions during execution are converted to CodecException to throw.


    • limax.key.ed.Compressor

      Enum type specifies the compression method. If the data size after compression does not decrease, automatically output the uncompressed format.

      • NONE

        Not compressed.

      • RFC2118

        Use limax.codec.RFC2118Encode and limax.codec.RFC2118Decode to execute the compression and decompression.

      • ZIP

        Use java.util.zip.Deflater and limax.util.zip.Inflater to execute the compression and decompression.


    • limax.key.ed.KeyProtector

      Enum type specifies the signature or encryption method.

      • HMACSHA224

      • HMACSHA256

      • HMACSHA384

      • HMACSHA512

      • TripleDESCBC

      • AESCBC128

      When decoding, if a signature is detected as failed, a CodecException is thrown, which wraps SignatureException.

  • 7.11.2 Application considerations


    • 1. When most systems share data, they need to identify the source of data. According to the design practice of the safety system, the certificate chain can be packaged and transmitted, providing the source identification. The certificate chain packaging support is not provided here for the following reasons.

      • 1.1. A piece of data has a certificate chain, which causes the large space spending.

      • 1.2. Even if the certificate chain is provided, it can not guarantee the authenticity of the source. If there is a malicious system in the trusted system, at least this malicious system can replace any data source with itself. (If a simple certificate chain is included, it can be replaced with any certificate chain. If a Challenge mechanism with random string is provided in design, the private key is used to sign the random string to replace itself.)

      • 1.3 Seen from the previous statement, in fact, the identification provided by certificate chain is unforgeable in the trust system with only two participates.

    • 2. The trust system should carefully define the data format of the exchange according to the specific requirement, provide such information as source identification, timestamp, and expiration date.

    • 3. For simplicity, signature and encryption are implemented as two options in KeyProtector. In realistic application such as IPSEC, although AH/ESP supports simultaneous use, no one uses this way most of the time.


Prev Next