Encrypted content store properties - Alfresco Content Services - 23.4 - 23.4 - Ready - Alfresco - external

Alfresco Content Services

Platform
Alfresco
Product
Alfresco Content Services
Release
23.4
License

There are a number of properties that need to be set for the Encrypted content store.

Set these properties in the alfresco-global.properties file.

Property Description
filecontentstore.subsystem.name Enables the Encrypted Content Store subsystem, for example, encryptedContentStore.
cryptodoc.jce.providerName Specifies the Java security provider name. If left blank, it indicates using the default provider. You can also select your own provider by setting this property to the provider class name. If a specific provider name is not set, the system selects the most preferred provider.
cryptodoc.jce.keystore.type Specifies the keystore type, for example, jceks.
cryptodoc.jce.keystore.path Specifies the path to the keystore containing the master keys, for example, /opt/alfresco/my_key.jks.
cryptodoc.jce.keystore.password Specifies the keystore password, for example, password.
cryptodoc.jce.key.aliases Specifies a comma-separated list of the aliases/names of the master keys in the master keystore, for example, mkey1,mkey2. These are the aliases used with the keygen tool, for example, encstore.
cryptodoc.jce.key.passwords Specifies a comma-separated list of passwords used to load the keys from the master key store. The position of the password matches the position of the corresponding key alias in the cryptodoc.jce.key.aliases property. This password is used with the keytool command and can be different from the master password. For example, password,password.
cryptodoc.jce.keygen.defaultSymmetricKeySize Specifies the key size to use for the symmetric keys that are used to encrypt/decrypt document content. Note: The default symmetric key size is 128 bits. Users who want better key strength should download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for the JRE.
cryptodoc.jce.keygen.defaultSymmetricAlgorithm Specifies the symmetric key algorithm.The following properties are used to re-encrypt symmetric keys (for master key revocation).
cryptodoc.symmetricKey.reencryption.batch.size Specifies the number of symmetric keys re-encrypted in each batch, for example, 200.
cryptodoc.symmetricKey.reencryption.numThreads Specifies the number of threads to use to perform re-encryption, for example, 4.

The keystore path, password, aliases and their password are the common properties you can overwrite to configure Encrypted Content Store using the alfresco-global.properties file.