The Jeyzer Recorder can secure the JZR recording by encrypting the Jeyzer snapshots and the process card file at generation time.
Important : this security feature requires to own a valid Jeyzer Monitor commercial license.
Without it, the Jeyzer Analyzer will not be able to decrypt the recording.
The Jeyzer recorder encrypts the recording using an AES 128 key.
AES key is itself secured through RSA.
AES key is either :
- Dynamic : AES key is provided as part of the recording, in the
jzr-recording.keyfile.
The RSA public key used to encrypt the AES key is stored locally in thedynamic/master-public.keyfile.
The Jeyzer password manager permits to generate the RSA public key.
Choose this encryption method if the Jeyzer Recorder is not running in a safe environment or if you consider that the recording is highly confidential.
- Static : encrypted AES key is kept locally.
The AES key is already encrypted at installation time and deployed on both Jeyzer Analyzer and Recorder sides.
Each side owns a Jeyzer RSA public key which permits to decrypt the AES key.
The Jeyzer password manager permits to generate the encrypted AES key.
Choose this encryption method if only the communication channel between the Jeyzer Recorder and the Jeyzer Analyzer must be secured.
Configuration
Security configuration is enabled in the <recording profile>_advanced_mx.xml file.
Comment out the security section to activate and reference the security.xml.
A default security configuration file, security.xml, is provided in standard.
in the recorder/config/security directory of your Jeyzer installation.
In this configuration file, the mode determines the encryption mode and the AES key handling as detailed previously. It is set with either the dynamic or static value.
If static, the path to the encrypted AES key (encrypted_key_file) must be set.
If dynamic, the path to the RSA master private key (master_private_key_file) must be set.
<security>
<encryption mode="dynamic">
<static encrypted_key_file="${JEYZER_RECORD_CONFIG_DIR}/security/static/encryption.key"/>
<dynamic master_public_key_file="${JEYZER_RECORD_CONFIG_DIR}/security/dynamic/master-public.key"/>
</encryption>
</security>