Corda 5 Developer Preview 2 is now available.

Obfuscation configuration file changes

When you work with obfuscated configuration files, note the following:

  1. Use the Corda Enterprise Configuration Obfuscator tool. See Configuration Obfuscator for more information.

  2. The updated arguments, required to run the service with obfuscation options, are as follows:

  • --config-obfuscation-passphrase[=<cliPassphrase>] - the passphrase used in the key derivation function when generating an AES key.

  • --config-obfuscation-seed[=<cliSeed>] - the seed used in the key derivation function to create a salt.

  1. If the configuration for the given service is obfuscated, one or both of --config-obfuscation-passphrase and --config-obfuscation-seed must be defined, or the service will not know that the configuration is obfuscated.

    If one of the above values are defined, the other one will default to the same value as in the Corda Enterprise Configuration Obfuscator tool. For example, if a configuration is obfuscated with the default seed and passphrase via the Corda Enterprise Configuration Obfuscator tool, the seed or the passphrase still has to be defined when running the CENM service.

    As the default seed in the Corda Enterprise Configuration Obfuscator tool is Corda, the service should be run with the --config-obfuscation-seed=Corda option.

  2. If a configuration is uploaded to Zone Service and it contains an obfuscated password property inside ssl.keyStore, then the keyPassword property should be provided and obfuscated as well. See the examples below.

    Obfuscated configuration that will be acepted:

     ```ssl {
     ...
         keyStore {
             ...
             keyPassword="<{4OfEUdZ4bJwmJKbh7hLLMU+Yt+OYBvQo3TfyqDe9odE=:K05YPAm2ZWabN4gghcIWkCqDxmPPVmiR}>"
             password="<{RphkU+W9fTUKYjD4ss+0lclIvrKh+QdoAMKHe8f1rhs=:gIt5CroFf3XlXsfTA28O3btzlP+JYXXV}>"
             ...
         }
     ...
     }```
    

    Obfuscated configuration that will not be accepted:

     ```ssl {
     ...
         keyStore {
             ...
             password="<{RphkU+W9fTUKYjD4ss+0lclIvrKh+QdoAMKHe8f1rhs=:gIt5CroFf3XlXsfTA28O3btzlP+JYXXV}>"
             ...
         }
     ...
     }```
    
  3. You can obfuscate CENM 1.1 and 1.2 configuration files with CENM 1.3 (and above), but for any further obfuscation, use the new version of the Configuration Obfuscator tool.

Was this page helpful?

Thanks for your feedback!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.

We're sorry this page wasn't helpful. Let us know how we can make it better!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Create an issue

Create a new GitHub issue in this repository - submit technical feedback, draw attention to a potential documentation bug, or share ideas for improvement and general feedback.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.