Encrypting and Decrypting Content

Note:

  • This section is not applicable for the AEM Cloud Connector.
  • This feature is available only when using the Content API Translation Connector for SDL TMS or the Content API Translation Connector for Lionbridge Freeway.

You can generate your own keys to encrypt and decrypt content you send for translation from the Lionbridge Connector for Adobe Experience Manager (“Connector for Adobe Experience Manager”) to either:

  • the Content API Translation Connector for SDL TMS (“Connector for SDL TMS”)

  • the Content API Translation Connector for Lionbridge Freeway (“Connector for Freeway”)

Before translation:
  1. The Connector for Adobe Experience Manager uses the generated keys to encrypt the content once it is ready for translation.

  2. The Connector for Adobe Experience Manager sends the encrypted content via the Content API Platform to the Connector for SDL TMS or to the Connector for Freeway.

  3. Either:

    • The Connector for SDL TMS uses the generated keys to decrypt the content before sending it to SDL TMS.

    • The Connector for Freeway delivers encrypted content to Freeway.

After translation:
  1. Relevant to SDL TMS only. The Connector for SDL TMS uses the generated keys to encrypt the translated content once it is ready to send back to Adobe Experience Manager.

  2. The Connector for SDL TMS or the Connector for Freeway sends the encrypted content via the Content API Platform to the Connector for Adobe Experience Manager.

  3. The Connector for Adobe Experience Manager uses the generated keys to decrypt the content before sending it to Adobe Experience Manager.

For instructions on configuring the Connector for this feature, refer to the Lionbridge Connector for Adobe Experience Manager Installation and Configuration Guide.

Which encryption standards does the Connector support?
Other requirements
  • Cipher: AES/CBC/PKCS5Padding

  • Initialization vector: 16 bytes, as required by AES (Advanced Encryption Standard), from a cryptographically strong random number generator.

How to set up your keystore

Use the following commands and options to set up your keystore.

keytool -genseckey -keystore C:\work\aem\6.5\ctc_data\ctctranslation_data\crypt\cttkeystore -storetype jceks -storepass mystorepass -keyalg AES -keysize 256 -alias cttkey -keypass secretpassword

Important: The keystore should be on a file system that is readable by the Connectors.

Command and Options: Description

  • -genseckey: Generates a secret key and stores it in a new KeyStore.SecretKeyEntry identified by alias.

  • -keystore ctt-keystore -storepass mystorepass: The location and filename of the keystore, and a password to protect it from unauthorized access.

  • -storetype jceks: The keystore type for storing AES (Advanced Encryption Standard) keys. Important: When generating keys, do not enter other values. Other values are not supported.

  • -keyalg AES: The algorithm for generating the secret key. Important: When generating keys, do not enter other values. Other values are not supported.

  • -keysize 256: The size of the key.

  • -alias cttkey -keypass secretpassword: The key alias/password pair for retrieving the key entry from the keystore. The Connectors use this pair.

You can use the above commands to add additional keys to an existing keystore.

For detailed instructions, refer to: https://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html.

How to encrypt and decrypt content

Use the Java keytool utility to generate, store, and retrieve keys. For detailed instructions, refer to: https://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html.
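
The following Java sketch is an added example, not Lionbridge code. It shows how a secret key entry in a JCEKS keystore (alias cttkey, as in the keytool command on this page) can be retrieved and used with AES/CBC/PKCS5Padding and a 16-byte IV from SecureRandom. Assumptions: the class name is hypothetical, the keystore is built in memory so the example runs without the keystore file, and the IV is prepended to the ciphertext, a layout this page does not specify.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;

public class KeystoreAesCbcExample {
    static final String CIPHER = "AES/CBC/PKCS5Padding";
    static final int IV_LEN = 16; // AES block size in bytes
    // Retrieve a secret key entry (as written by "keytool -genseckey") from JCEKS keystore bytes.
    static Key loadKey(byte[] store, char[] storePass, String alias, char[] keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(store), storePass);
        return ks.getKey(alias, keyPass);
    }
    // Fresh random IV per message; the IV || ciphertext layout is an assumption of this sketch.
    static byte[] encrypt(Key key, byte[] plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance(CIPHER);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
    }
    static byte[] decrypt(Key key, byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance(CIPHER);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(msg, 0, IV_LEN));
        return c.doFinal(msg, IV_LEN, msg.length - IV_LEN);
    }
    public static void main(String[] args) throws Exception {
        char[] storePass = "mystorepass".toCharArray(), keyPass = "secretpassword".toCharArray();
        // Constructed in-memory stand-in for the keystore file that keytool writes.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        ks.setEntry("cttkey", new KeyStore.SecretKeyEntry(kg.generateKey()), new KeyStore.PasswordProtection(keyPass));
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        ks.store(buf, storePass);
        Key key = loadKey(buf.toByteArray(), storePass, "cttkey", keyPass);
        byte[] sealed = encrypt(key, "<p>Constructed sample content</p>".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(decrypt(key, sealed), StandardCharsets.UTF_8));
    }
}
```

AES/CBC provides confidentiality only; this sketch does not authenticate the ciphertext, so tampering in transit is not detected by decryption alone.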