Network Encryption

Owned by Copy Space for Confluence
Last updated: Jul 04, 2017 by Chris Lawless (Unlicensed)
1 min read

All network commands among fetcher, mine, apply and console are sent encrypted. The key serves both as authentication and encryption.
The redo/plog contents is sent encrypted if the option is selected.
The key is defined by variable NETWORK_TRAFFIC_KEY.  As this can be considered as sensitive information, there are more ways how to specify this value:

  • DDC file (use memory_set, so it is not stored in DDC DB automatically)
  • DDC DB
  • the .ssh way: create a private directory (chmod 0700), store a file with a single command "memory_set NETWORK_TRAFFIC_KEY …" and include it from your DDC file (standard READ command)
  • specify the key as dbvrep parameter: --netkey

The encryption uses 128bit CAST5 encryption. For more information please see http://en.wikipedia.org/wiki/CAST-128