Make encryption config more informative & some other things
This commit is contained in:
parent
0ea7816fa8
commit
0d2937e143
@ -17,7 +17,7 @@ public class Encryption {
|
|||||||
public Encryption(Configuration config){
|
public Encryption(Configuration config){
|
||||||
encryptionEnabled = config.getBoolean("Redis.EncryptMessages");
|
encryptionEnabled = config.getBoolean("Redis.EncryptMessages");
|
||||||
if (encryptionEnabled) {
|
if (encryptionEnabled) {
|
||||||
// AES-128 encryption
|
// AES encryption
|
||||||
encryptionKey = config.getString("Redis.EncryptionKey");
|
encryptionKey = config.getString("Redis.EncryptionKey");
|
||||||
macKey = config.getString("Redis.MacKey");
|
macKey = config.getString("Redis.MacKey");
|
||||||
}
|
}
|
||||||
|
@ -2,6 +2,8 @@ Redis:
|
|||||||
#a secure password that cannot be cracked, please change it!
|
#a secure password that cannot be cracked, please change it!
|
||||||
#it is also recommended to firewall your redis server with iptables so it can only be accessed by specific IP addresses
|
#it is also recommended to firewall your redis server with iptables so it can only be accessed by specific IP addresses
|
||||||
Password: "yHy0d2zdBlRmaSPj3CiBwEv5V3XxBTLTrCsGW7ntBnzhfxPxXJS6Q1aTtR6DSfAtCZr2VxWnsungXHTcF94a4bsWEpGAvjL9XMU"
|
Password: "yHy0d2zdBlRmaSPj3CiBwEv5V3XxBTLTrCsGW7ntBnzhfxPxXJS6Q1aTtR6DSfAtCZr2VxWnsungXHTcF94a4bsWEpGAvjL9XMU"
|
||||||
|
#hostname of your redis server, you can use free redis hosting (search for it online) if you do not have the ability to host your own redis server
|
||||||
|
#redis server is very lightweight, takes under 30 MB of RAM usually
|
||||||
Host: "127.0.0.1"
|
Host: "127.0.0.1"
|
||||||
#must be 2 or higher, if you set to lower, the addon will automatically use 2 as a minimum
|
#must be 2 or higher, if you set to lower, the addon will automatically use 2 as a minimum
|
||||||
#do not edit MaxConnections if you do not know what you're doing
|
#do not edit MaxConnections if you do not know what you're doing
|
||||||
@ -13,18 +15,28 @@ Redis:
|
|||||||
#9000 = 9 seconds
|
#9000 = 9 seconds
|
||||||
TimeOut: 9000
|
TimeOut: 9000
|
||||||
#also known as SSL, only use this if you're running Redis 6.0.6 or higher, older versions will not work correctly
|
#also known as SSL, only use this if you're running Redis 6.0.6 or higher, older versions will not work correctly
|
||||||
#it encrypts your traffic and makes data exchange between distant servers completely secure
|
#it encrypts your traffic and makes data exchange between distant servers secure
|
||||||
useTLS: false
|
useTLS: false
|
||||||
#may be useful if you cannot use TLS due to use of older version of Redis
|
#EncryptMessages may be useful if you cannot use TLS due to use of older version of Redis or if you're paranoid about privacy and want to double encrypt your messages
|
||||||
#however this will not encrypt the initial authentication password, only the messages sent
|
#however this will not encrypt the initial authentication password, only the messages sent (use TLS for initial authentication password encryption)
|
||||||
#it uses AES-128 SIV encryption which is secure enough for this
|
|
||||||
|
#the encryption configuration must be the same across all servers in order to communicate
|
||||||
|
|
||||||
|
#use 16 characters long key for AES-128 encryption
|
||||||
|
#32 characters long key for AES-256 encryption
|
||||||
|
#AES-128 is faster, but less secure (but it is not crackable by today's technology as of 2020, may be crackable by quantum computers)
|
||||||
EncryptMessages: true
|
EncryptMessages: true
|
||||||
|
#EncryptionKey and MacKey must be different
|
||||||
EncryptionKey: "16CHARACTERS KEY"
|
EncryptionKey: "16CHARACTERS KEY"
|
||||||
MacKey: "16CHARACTERS KEY"
|
MacKey: "16CHARACTERS KEY"
|
||||||
|
|
||||||
|
|
||||||
#the channels from which this server can receive messages
|
#the channels from which this server can receive messages
|
||||||
#you can always send messages to all channels!
|
#you can always send messages to all channels!
|
||||||
#you can add as many channels as you wish!
|
#you can add as many channels as you wish!
|
||||||
|
|
||||||
|
#ideal setup is having one global channel and having one channel that represents server name, so you know who to send messages to
|
||||||
|
#then a few other utility channels up to your needs
|
||||||
Channels:
|
Channels:
|
||||||
- "global"
|
- "global"
|
||||||
- "servername"
|
- "servername"
|
||||||
|
Loading…
Reference in New Issue
Block a user