File Encryption Plugin 2.0
The aim of this plugin is to cipher uploaded files on the disk to prevent the administror or elsewere to read the content of these files if they have no habilitation to read them.
Be aware of the risk : the certificate must be available and backuped ! If it is lost, the content of the ciphered file is lost.
Be aware of the limitation : someone accessing to the total file system might get the certificate and decipher the files anyway.
Be aware of the limitation : All processing on document content will be desactivated (like index, viewer, pdf convert, ...)
Besides : ciphering files may cause performance issues. Keep it for little sensible files, not for big videos or zip files.
The algorythme used to cipher/decipher the files is AES 256 CBC.
Download the JCE Unlimited Strength Policy Files for your JDK at the Oracle Java SE Download Page.
Add in %JDK_HOME%/jre/lib/security the following jars :
Servlet Filter to decipher the files
Manually edit and modify the WEB-INF/web.xml file to add the content of WEB-INF/web.xml.jcmsplugin.fileencryption.delta .
Create the certificate
Create a PKCS#12 (PKCS#12 on Wikipedia) file with a private key optionnaly protected by a password.
To create a PKCS#12, you may find resources on Google such that this on.
Note that a PKCS#12 must be generated by a CA. You may either create your own auto-signed CA, or by a PKCS#12 at a known CA.
The following tutorial is a good introduction to cryptograph with Bouncy Castle (in french).
Configure the plugin
In the plugin administration interface, set the path in the file system to the PKCS#12 file and optionnaly the password, and restart the webapp.
In the plugin's properties, you can also limit documents that are cipher-able by file extension.