Gdpr compliance
Overview
Since the Gdpr regulation requires the ciphering of the sensible data, Portofino 4.2.4 has an automatic ciphering and deciphering mechanism using the AES ciphering algorithm. This is provided thanks to the KeyManager class and CryptoService Class.
The KeyManager class reads and manages the keys used in the ciphering.
You can choose between the symmetric algorithm or the asymmetric one.
With the symmetric algorithm you have to set a password from which a symmetric key will be generated and the data managed by Portofino will be automatically ciphered and deciphered with this symmetric key.
If you choose the asymmetric one, you have to own a public and private key pair. A symmetric key is generated for every user and stored into the db together with the user's data.
For this reason you have to override the KeyManager class in order to retrieve and manage the user's corresponding symmetric key from the db for ciphering and deciphering his data.
The CryptoService class is useful to cipher and decipher single fields in case that you manually extract data from the db.
Here are the steps to obtain the activation of the cryptographic method:
- In portofino.properties you have to set the type of algorithm, the key's path and if you want to delete the key after reading it:
com.manydesigns.crypto.passphrase = keypath
com.manydesigns.crypto.algrorithm = SIM/ASIM
com.manydesigns.crypto.delete.key = true/false - Implement Java class EncryptDecrypt that implements FieldEncrypter with ciphering and deciphering methods and put it into the package:
com.manydesigns.elements.annotations
- In the portofino-model of the involved tables insert the following annotation in the fields' annotation part:
<annotation type="com.manydesigns.elements.annotations.Encrypted"> <value>com.manydesigns.elements.annotations.EncryptDecrypt</value>
</annotation>
For blobs fields you have to set the annotation:
<annotation type="com.manydesigns.elements.annotations.Encrypted">
</annotation>
In all parts where manual queries take place (for example pdf or excel export) you have to manual cipher/decipher the fields with the CryptoService class already present in Portofino.
If you want to set shortName to ciphered fields you can implement a Java class with static method that deciphers the input String and returns it. Then in the table model you have to put:
shortName="%{@package.className@methodName(params)}"