Make encryption config more informative & some other things

This commit is contained in:
Govindass 2021-02-12 12:59:28 +02:00
parent 8cda727799
commit c89e4f1310
2 changed files with 17 additions and 5 deletions

View File

@ -17,7 +17,7 @@ public class Encryption {
public Encryption(Configuration config){ public Encryption(Configuration config){
encryptionEnabled = config.getBoolean("Redis.EncryptMessages"); encryptionEnabled = config.getBoolean("Redis.EncryptMessages");
if (encryptionEnabled) { if (encryptionEnabled) {
// AES-128 encryption // AES encryption
encryptionKey = config.getString("Redis.EncryptionKey"); encryptionKey = config.getString("Redis.EncryptionKey");
macKey = config.getString("Redis.MacKey"); macKey = config.getString("Redis.MacKey");
} }

View File

@ -2,6 +2,8 @@ Redis:
#a secure password that cannot be cracked, please change it! #a secure password that cannot be cracked, please change it!
#it is also recommended to firewall your redis server with iptables so it can only be accessed by specific IP addresses #it is also recommended to firewall your redis server with iptables so it can only be accessed by specific IP addresses
Password: "yHy0d2zdBlRmaSPj3CiBwEv5V3XxBTLTrCsGW7ntBnzhfxPxXJS6Q1aTtR6DSfAtCZr2VxWnsungXHTcF94a4bsWEpGAvjL9XMU" Password: "yHy0d2zdBlRmaSPj3CiBwEv5V3XxBTLTrCsGW7ntBnzhfxPxXJS6Q1aTtR6DSfAtCZr2VxWnsungXHTcF94a4bsWEpGAvjL9XMU"
#hostname of your redis server, you can use free redis hosting (search for it online) if you do not have the ability to host your own redis server
#redis server is very lightweight, takes under 30 MB of RAM usually
Host: "127.0.0.1" Host: "127.0.0.1"
#must be 2 or higher, if you set to lower, the addon will automatically use 2 as a minimum #must be 2 or higher, if you set to lower, the addon will automatically use 2 as a minimum
#do not edit MaxConnections if you do not know what you're doing #do not edit MaxConnections if you do not know what you're doing
@ -13,18 +15,28 @@ Redis:
#9000 = 9 seconds #9000 = 9 seconds
TimeOut: 9000 TimeOut: 9000
#also known as SSL, only use this if you're running Redis 6.0.6 or higher, older versions will not work correctly #also known as SSL, only use this if you're running Redis 6.0.6 or higher, older versions will not work correctly
#it encrypts your traffic and makes data exchange between distant servers completely secure #it encrypts your traffic and makes data exchange between distant servers secure
useTLS: false useTLS: false
#may be useful if you cannot use TLS due to use of older version of Redis #EncryptMessages may be useful if you cannot use TLS due to use of older version of Redis or if you're paranoid about privacy and want to double encrypt your messages
#however this will not encrypt the initial authentication password, only the messages sent #however this will not encrypt the initial authentication password, only the messages sent (use TLS for initial authentication password encryption)
#it uses AES-128 SIV encryption which is secure enough for this
#the encryption configuration must be the same across all servers in order to communicate
#use 16 characters long key for AES-128 encryption
#32 characters long key for AES-256 encryption
#AES-128 is faster, but less secure (but it is not crackable by today's technology as of 2020, may be crackable by quantum computers)
EncryptMessages: true EncryptMessages: true
#EncryptionKey and MacKey must be different
EncryptionKey: "16CHARACTERS KEY" EncryptionKey: "16CHARACTERS KEY"
MacKey: "16CHARACTERS KEY" MacKey: "16CHARACTERS KEY"
#the channels from which this server can receive messages #the channels from which this server can receive messages
#you can always send messages to all channels! #you can always send messages to all channels!
#you can add as many channels as you wish! #you can add as many channels as you wish!
#ideal setup is having one global channel and having one channel that represents server name, so you know who to send messages to
#then a few other utility channels up to your needs
Channels: Channels:
- "global" - "global"
- "servername" - "servername"