Closed timpokorny closed 6 years ago
Work completed and on central RTI branch.
Symmetric key encryption now supported on all connections via RID configuration.
For any connection you can specify the following:
# (R.6b) Symmetric Encryption Settings
#
# Let the connection make use of a shared-key for encryption
#
# NOTE: Only one of Public Key or Symmetric options can be enabled at once.
#
# Enabled: Is encryption on or off?
# Keylen: Bit-length of federation shared key. 128-bit is the default, higher values
# require the use of the Java unlimited strength policies (google it)
# Cipher: Cipher configuration string used in create Cipher. Only supports AES currently.
# Key: The pre-shared key. Must be the same on all ends
#
rti.network.tcp.sharedkey.enabled = false
rti.network.tcp.sharedkey.keylen = 128
rti.network.tcp.sharedkey.cipher = AES/CFB/NoPadding
rti.network.tcp.sharedkey.key = password
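How the cipher string and key length in these settings map onto the Java `Cipher` API, as an added example that is not Portico's own code. The class name, the PBKDF2 key derivation, the salt and iteration count, the IV-prefix framing and the sample message are all assumptions; the page does not say how Portico turns the `key` value into an AES key or whether it adds a separate integrity check.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class SharedKeyExample {
    // Values mirror the RID settings shown above.
    static final String CIPHER = "AES/CFB/NoPadding";
    static final int KEYLEN = 128;
    static final int IV_LEN = 16; // AES block size in bytes

    // Assumption: stretch the pre-shared value with PBKDF2 instead of using it as raw key bytes.
    static SecretKeySpec deriveKey(char[] shared, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(shared, salt, 100_000, KEYLEN);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    // Fresh random IV per message, sent in front of the ciphertext (assumed framing).
    static byte[] encrypt(SecretKeySpec key, byte[] plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance(CIPHER);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] body = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, IV_LEN + body.length);
        System.arraycopy(body, 0, out, IV_LEN, body.length);
        return out;
    }

    static byte[] decrypt(SecretKeySpec key, byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance(CIPHER);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(msg, 0, IV_LEN));
        return c.doFinal(msg, IV_LEN, msg.length - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.UTF_8); // constructed sample value
        SecretKeySpec key = deriveKey("password".toCharArray(), salt);
        byte[] wire = encrypt(key, "updateAttributeValues".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(decrypt(key, wire), StandardCharsets.UTF_8));
        // CFB carries no integrity check: a modified message still decrypts without error.
        wire[wire.length - 1] ^= 0x01;
        System.out.println(new String(decrypt(key, wire), StandardCharsets.UTF_8));
    }
}
```

The second line printed differs from the first in its last character, which is why a deployment using this transformation string needs a MAC or an AEAD mode if receivers must detect altered traffic.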
Summary
To support encrypted communications (#240), all data messages sent by a federate will be encrypted with a symmetric session key that is randomly generated when the federate joins a federation. To decrypt this traffic, a receiving federate must request the session key from the RTI (a request which may or may not be granted).
For this ticket we will implement the encryption and decryption process as well as the key solicitation and caching.
The diagram below shows the full process, from handshake (#242) down. This ticket only implements the data exchange portion:
Acceptance Criteria
Once complete, Portico shall: