Attached is sample java client code that can be used to encrypt (or decrypt) data that can then be decrypted (or encrypted) with the Convert Value task encryption/decryption operations in Sentry.
Instructions for use:
- Create a symmetric key encryption policy (algorithm and key wrap set to AES-256).
- Create a task list with a convert value task using the symmetric key encryption policy.
- Encrypt some node within the sample document.
- Run the task to generate a sample encrypted value.
- Go to the Encryption policy and grab the symmetric key.
- Use the key and sample document with the attached Encrypt.java program that is developed to assure that you can decrypt the value and return it to its original value.
- Edit the attached Encrypt.java as necessary to match your Sentry encryption policy. The base64Key and encryption algorithms in the sample program need match the settings in the Sentry config.
- Compile the sample program with java 8.
- Ensure that java unlimited strength jurisdiction policy files are installed.
- Run the sample program. Usage is Encrypt [-e|-d] <filename> <element>. The -e option encrypts. The -d option decrypts. The default is to encrypt. For example: Encrypt -d sample.xml tns:echo