September 7, 2020 Custom Content Encryption in Alfresco Community

Alfresco is a leading open-source ECM (Enterprise Content Management) system. Modern companies, irrespective of their size and business model can leverage the benefits of the feature-rich Alfresco Community Edition. As an entrepreneur, you can consult a reputed and robust Alfresco development company to build a customized ECM powered by Alfresco.

The Alfresco Community Edition enables users to store the corporate documents in a ‘content store’ which is a normal file system. It is an open file system for all users including server administrators, developers, and maintainers. In this system, all the content (documents) can be stored in the form of a .bin file.

The file names within the content stores are referenced through GUID which is maintained within the database. Specifically, in the Alfresco community edition, these .bin files can be converted back to the original document by changing their extensions if the original extensions are known.

These content stores are often exposed during the backup and restoration of the repository in the document management system. If the documents are confidential then there is always a risk of getting these documents into the wrong hands. Therefore, we have developed a custom encryption component that encrypts every document within the Alfresco instance before it gets stored.

As the encryption is being done at the time of the documents/content being stored to the content store, encryption will be the background process. Similarly, the document will be decrypted while accessed within the Alfresco only by Alfresco users.

The best part of the component is- it does not affect the content which is already present in the content store. It means the component can be applied to the Alfresco instance already having content, which is in use. The component will start encrypting the content right from the implementation.

Technical Details

• We have implemented custom encryption using AES with CTR mode of Encryption algorithm.for the alfresco community edition.
• The encryption operation is performed as and when the document/content being stored in the content store.
• AES Algorithm detail

– AES (Advanced Encryption Standard) with CTR(Counter) mode Encryption
– 16 bytes key to encrypt-decrypt
– 16 bytes Initialization Vector(IV) param

Also Read- How to Set Workflow Due-date Reminder in Alfresco DMS

• Classes Overridden for Encryption

The following classes are being used internally while creating a unique .bin file at the physical content store. We have to override these classes to encrypt the content before they get stored in the content store.

org.alfresco.repo.tenant.TenantRoutingFileContentStore
org.alfresco.repo.content.filestore.FileContentStore
org.alfresco.repo.content.filestore.FileContentWriter
org.alfresco.repo.content.AbstractContentWriter
org.alfresco.repo.content.LimitedStreamCopier

• Classes Overridden for Decryption

These two classes are used to read the content from the content store. Normally, these classes expect the normal content from the nodes which have been stored in the content store. As we have are encrypting the content of a node before it gets stored in the content store, we have to override these classes to decrypt the content using the decryption key.

org.alfresco.repo.content.filestore.FileContentReader
org.alfresco.repo.content.AbstractContentReader

• Performance

These encryption and decryption of content are adding little extra operations to the process of storing and retrieval of content. However, it will not affect the user experience if the server configuration is done according to the standard recommendation by Alfresco.

Talking about the benefits of customized content encryption in the Alfresco document management system, we can include the following ones-

• Security for stored or archived content
• Does not affect other features and operations
• Custom encryption key restricts decryption of the content outside the alfresco without key
• Does not affect old or existing content of the content store and indexing

ContCentric is a renowned Alfresco development company with a team of highly skilled and certified Alfresco developers. We can come up with a user-friendly and feature-rich document management system for companies of all sizes and irrespective of industry sectors. You can contact us by sending an email at marketing@contcentric.com. Our expert consultants are happy to help you!