Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Institutions wishing to bootstrap their databases, and encrypt sensitive values afterwards will find great value in the post-load-encrypt target provided in build.xml.

The import tool provided with the distribution does not handle encryption of data. It takes the values in the XML files and inserts them literally into the database. So, if you have data which needs to be encrypted, you can either pre-encrypt it before creating the XML files (or insert using your own mechanism/tools) or use this post-load encryption process.

Be Careful

Institutions planning on implementing a encryption algorithm different than the demonstration-grade encryption, must be implement the custom algorithm before performing the Post Data-Load Encryption.
Also, the encrypted data in the demo dataset is encrypted using the demonstration encryption service using the encryption key in the default kfs-build.properties. If you want to change the encryption style on your demo instance, you will need to develop a process to extract and re-encrypt the appropriate columns.

Usage of the target is very straightforward:

  1. .properties file must be created, that lists all of the attributes of a given class that must be encrypted. See the example file below.
  2. All properties to be encrypted must have conversion="org.kuali.rice.kns.util.OjbKualiEncryptDecryptFieldConversion" as part of their <field-descriptor> in OJB. (You will be told if this is not the case.)
  3. The path to the newly-created .properties file must be listed in the kfs{{-build.properties}} file, for the build target to work properly. See the configuration properties page.
  4. Using Eclipse or ant, run the dist-local target, followed by the post-load-encrypt target.

File Structure

post-load-encrypt uses a standard .properties file to load its set of attributes to encrypt. The format followed is as such:

fieldsToEncrypt.properties
#Proper format:
businessObjectClassName = list,of,attributes,that,need,to,be,encrypted

#Example Entry:
org.kuali.module.financial.bo.BankAccount=finDocumentBankAccountNumber

 

 

Kuali documentation is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License. 

Kuali software is licensed for use pursuant to the Affero General Public License, version 3.

 Copyright © 2014 Kuali, Inc. All rights reserved. 

Portions of Kuali are copyrighted by other parties as described in the Acknowledgments screen. 

Kuali ® is a registered trademark of the Trustees of Indiana University.

  • No labels