From 0d2937e143eb61d15ff0e8b795850e273c11863e Mon Sep 17 00:00:00 2001
From: Govindas
Date: Fri, 12 Feb 2021 12:59:28 +0200
Subject: [PATCH] Make encryption config more informative & some other things
---
 .../limework/rediskript/data/Encryption.java | 2 +-
 src/main/resources/config.yml | 20 +++++++++++++++----
 2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/main/java/net/limework/rediskript/data/Encryption.java b/src/main/java/net/limework/rediskript/data/Encryption.java
index 9401583..c044fd6 100644
--- a/src/main/java/net/limework/rediskript/data/Encryption.java
+++ b/src/main/java/net/limework/rediskript/data/Encryption.java
@@ -17,7 +17,7 @@ public class Encryption {
 public Encryption(Configuration config){
 encryptionEnabled = config.getBoolean("Redis.EncryptMessages");
 if (encryptionEnabled) {
- // AES-128 encryption
+ // AES encryption
 encryptionKey = config.getString("Redis.EncryptionKey");
 macKey = config.getString("Redis.MacKey");
 }
diff --git a/src/main/resources/config.yml b/src/main/resources/config.yml
index 5749d4f..79a13a4 100644
--- a/src/main/resources/config.yml
+++ b/src/main/resources/config.yml
@@ -2,6 +2,8 @@ Redis:
 #a secure password that cannot be cracked, please change it!
 #it is also recommended to firewall your redis server with iptables so it can only be accessed by specific IP addresses
 Password: "yHy0d2zdBlRmaSPj3CiBwEv5V3XxBTLTrCsGW7ntBnzhfxPxXJS6Q1aTtR6DSfAtCZr2VxWnsungXHTcF94a4bsWEpGAvjL9XMU"
+ #hostname of your redis server, you can use free redis hosting (search for it online) if you do not have the ability to host your own redis server
+ #redis server is very lightweight, takes under 30 MB of RAM usually
 Host: "127.0.0.1"
 #must be 2 or higher, if you set to lower, the addon will automatically use 2 as a minimum
 #do not edit MaxConnections if you do not know what you're doing
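Review bot: The constructor keeps `Redis.EncryptionKey` and `Redis.MacKey` exactly as read, and nothing in the visible lines enforces what this commit now documents in config.yml: a 16- or 32-character key and two different values. A missing entry, a wrong length or identical keys would then only show up later, or never; failing fast here is safer, for example `if (encryptionKey.equals(macKey)) throw new IllegalStateException("Redis.EncryptionKey and Redis.MacKey must differ");` together with a length check on both values. If the strings are converted to key bytes elsewhere, the length check belongs on the byte count, since 16 characters are 16 bytes only for single-byte characters. The constructor body continues outside the hunk, so some validation may already exist further down.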
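Review bot: The added Host comment points users to third-party Redis hosting without saying that `useTLS` should then be turned on. The same file states further down that EncryptMessages does not cover the initial authentication password, and `useTLS` defaults to false, so with a remote host the password would cross the network unencrypted. A line such as `#if redis is not on this machine or a private network, set useTLS to true, otherwise the password is sent unencrypted` after the hostname comment would cover it. The `Password` value in the context line is also a published default, so the existing "please change it" wording could state that it must be replaced before the server is reachable from other hosts.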
@@ -13,18 +15,28 @@ Redis: #9000 = 9 seconds TimeOut: 9000 #also known as SSL, only use this if you're running Redis 6.0.6 or higher, older versions will not work correctly - #it encrypts your traffic and makes data exchange between distant servers completely secure + #it encrypts your traffic and makes data exchange between distant servers secure useTLS: false - #may be useful if you cannot use TLS due to use of older version of Redis - #however this will not encrypt the initial authentication password, only the messages sent - #it uses AES-128 SIV encryption which is secure enough for this + #EncryptMessages may be useful if you cannot use TLS due to use of older version of Redis or if you're paranoid about privacy and want to double encrypt your messages + #however this will not encrypt the initial authentication password, only the messages sent (use TLS for initial authentication password encryption) + + #the encryption configuration must be the same across all servers in order to communicate + + #use 16 characters long key for AES-128 encryption + #32 characters long key for AES-256 encryption + #AES-128 is faster, but less secure (but it is not crackable by today's technology as of 2020, may be crackable by quantum computers) EncryptMessages: true + #EncryptionKey and MacKey must be different EncryptionKey: "16CHARACTERS KEY" MacKey: "16CHARACTERS KEY" + #the channels from which this server can receive messages #you can always send messages to all channels! #you can add as many channels as you wish! + +#ideal setup is having one global channel and having one channel that represents server name, so you know who to send messages to +#then a few other utility channels up to your needs Channels: - "global" - "servername"
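Review bot: The new comment says EncryptionKey and MacKey must be different, but the defaults shipped right below it are still the same string for both, with `EncryptMessages: true`. A server started on the unedited file therefore breaks the stated rule and uses keys that anyone can read in the repository. Distinct, obviously fake placeholders would help (constructed examples: `EncryptionKey: "REPLACE-ME-KEY-1"` and `MacKey: "REPLACE-ME-MAC-1"`), along with a comment such as `#generate both keys randomly and replace the placeholders before use`. A key typed by hand from keyboard characters also carries less entropy than the AES key size suggests, which the "16 characters long key" wording does not make clear.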