Make encryption config more informative & some other things

2021-02-12 12:59:28 +02:00 · 2021-02-12 12:59:28 +02:00 · c89e4f1310
commit c89e4f1310
parent 8cda727799
2 changed files with 17 additions and 5 deletions
--- a/src/main/java/net/limework/rediskript/data/Encryption.java
+++ b/src/main/java/net/limework/rediskript/data/Encryption.java
@ -17,7 +17,7 @@ public class Encryption {
    public Encryption(Configuration config){
        encryptionEnabled = config.getBoolean("Redis.EncryptMessages");
        if (encryptionEnabled) {
-            // AES-128 encryption
+            // AES encryption
            encryptionKey = config.getString("Redis.EncryptionKey");
            macKey = config.getString("Redis.MacKey");
        }
--- a/src/main/resources/config.yml
+++ b/src/main/resources/config.yml
@ -2,6 +2,8 @@ Redis:
  #a secure password that cannot be cracked, please change it!
  #it is also recommended to firewall your redis server with iptables so it can only be accessed by specific IP addresses
  Password: "yHy0d2zdBlRmaSPj3CiBwEv5V3XxBTLTrCsGW7ntBnzhfxPxXJS6Q1aTtR6DSfAtCZr2VxWnsungXHTcF94a4bsWEpGAvjL9XMU"
+  #hostname of your redis server, you can use free redis hosting (search for it online) if you do not have the ability to host your own redis server
+  #redis server is very lightweight, takes under 30 MB of RAM usually
  Host: "127.0.0.1"
  #must be 2 or higher, if you set to lower, the addon will automatically use 2 as a minimum
  #do not edit MaxConnections if you do not know what you're doing
@ -13,18 +15,28 @@ Redis:
  #9000 = 9 seconds
  TimeOut: 9000
  #also known as SSL, only use this if you're running Redis 6.0.6 or higher, older versions will not work correctly
-  #it encrypts your traffic and makes data exchange between distant servers completely secure
+  #it encrypts your traffic and makes data exchange between distant servers secure
  useTLS: false
-  #may be useful if you cannot use TLS due to use of older version of Redis
-  #however this will not encrypt the initial authentication password, only the messages sent
-  #it uses AES-128 SIV encryption which is secure enough for this
+  #EncryptMessages may be useful if you cannot use TLS due to use of older version of Redis or if you're paranoid about privacy and want to double encrypt your messages
+  #however this will not encrypt the initial authentication password, only the messages sent (use TLS for initial authentication password encryption)
+
+  #the encryption configuration must be the same across all servers in order to communicate
+
+  #use 16 characters long key for AES-128 encryption
+  #32 characters long key for AES-256 encryption
+  #AES-128 is faster, but less secure (but it is not crackable by today's technology as of 2020, may be crackable by quantum computers)
  EncryptMessages: true
+  #EncryptionKey and MacKey must be different
  EncryptionKey: "16CHARACTERS KEY"
  MacKey: "16CHARACTERS KEY"

+
 #the channels from which this server can receive messages
 #you can always send messages to all channels!
 #you can add as many channels as you wish!
+
+#ideal setup is having one global channel and having one channel that represents server name, so you know who to send messages to
+#then a few other utility channels up to your needs
 Channels:
  - "global"
  - "servername"