JasperReports Server uses cryptographic keys internally to secure sensitive content such as database passwords in the configuration and user passwords in the database and export catalogs. The keys are used to encrypt information before storage and decrypt it upon retrieval.
The keys themselves are sensitive security items that must be carefully stored and safeguarded. A keystore is a standard file that holds keys and protects them with passwords. The Java Cryptography Architecture (JCA) provides the ciphers and the protocols that protect the keys and the keystore. Administrators use the command-line keytool to manage keys in the keystore, and the server accesses keys as permitted through Java APIs.
As of JasperReports Server 7.5, key and keystore management has been updated to improve consistency and secure all sensitive server and user data inside and outside the server application. Administrators should become familiar with the new procedures and how to upgrade keys and the keystore from previous versions if necessary.
Because the keystore and keys are created during installation, the user account that performs the installation is the owner of the keystore file and holder of the keystore passwords. If either the keystore or its passwords are lost, the server can no longer function and the data it contains may become inaccessible, so be sure to keep backup copies.
This chapter contains the following sections:
• Managing Keys During Installation
• Managing Keys for Import and Export
• Sharing Custom Keys
• Configuring Encryption