[improve][doc] Improve the information architecture of encryption and cookbook (apache#17666)

* remove duplicate file `cookbooks-encryption.md`

* Revert "remove duplicate file `cookbooks-encryption.md`"

This reverts commit a1e5a54.

* streamline encryption cookbook and make it single-sourced

* Add code snippets for Java/C++/Go clients.

* use one svg image to replace two jpg files

* client version and title updates

* improve security overview

* Add note and link for TLS encryption
momo-jun authored Sep 20, 2022
1 parent 320300c commit 3cd129b
Showing 10 changed files with 330 additions and 669 deletions.
2 changes: 1 addition & 1 deletion site2/docs/administration-dashboard.md
Expand Up @@ -62,6 +62,6 @@ bin/pulsar standalone --advertised-address 1.2.3.4

:::note

Currently, only Pulsar Token [authentication](security-overview.md#authentication-providers) is supported.
Currently, only Pulsar Token [authentication](security-overview.md#authentication) is supported.

:::
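
Review bot: the link target in this note changes from `security-overview.md#authentication-providers` to `security-overview.md#authentication`, and nothing in this hunk shows that the new anchor exists. Please confirm the reworked security-overview.md has a heading that renders to `#authentication`, and check whether other pages still point at `#authentication-providers`; a stale fragment does not raise an error in the browser, it just loads the page without scrolling to the section.
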
Binary file removed site2/docs/assets/pulsar-encryption-consumer.jpg
Binary file not shown.
Binary file removed site2/docs/assets/pulsar-encryption-producer.jpg
Binary file not shown.
1 change: 1 addition & 0 deletions site2/docs/assets/pulsar-encryption.svg
156 changes: 1 addition & 155 deletions site2/docs/client-libraries-node.md
Expand Up @@ -451,158 +451,4 @@ The following static methods are available for the message id object:

## End-to-end encryption

[End-to-end encryption](/cookbooks-encryption.md#docsNav) allows applications to encrypt messages at producers and decrypt at consumers.

### Configuration

If you want to use the end-to-end encryption feature in the Node.js client, you need to configure `publicKeyPath` for producer and `privateKeyPath` for consumers.

```conf
publicKeyPath: "./public.pem"
privateKeyPath: "./private.pem"
```

### Tutorial

This section provides step-by-step instructions on how to use the end-to-end encryption feature in the Node.js client.

**Prerequisite**

- Pulsar C++ client 2.7.1 or later

**Step**

1. Create both public and private key pairs.

**Input**

```shell
openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -pubout -out public.pem
```

2. Create a producer to send encrypted messages.

**Input**

```javascript
const Pulsar = require('pulsar-client');

(async () => {
// Create a client
const client = new Pulsar.Client({
serviceUrl: 'pulsar://localhost:6650',
operationTimeoutSeconds: 30,
});

// Create a producer
const producer = await client.createProducer({
topic: 'persistent://public/default/my-topic',
sendTimeoutMs: 30000,
batchingEnabled: true,
publicKeyPath: "./public.pem",
encryptionKey: "encryption-key"
});

console.log(producer.ProducerConfig)
// Send messages
for (let i = 0; i < 10; i += 1) {
const msg = `my-message-${i}`;
producer.send({
data: Buffer.from(msg),
});
console.log(`Sent message: ${msg}`);
}
await producer.flush();

await producer.close();
await client.close();
})();
```

3. Create a consumer to receive encrypted messages.

**Input**

```javascript
const Pulsar = require('pulsar-client');

(async () => {
// Create a client
const client = new Pulsar.Client({
serviceUrl: 'pulsar://172.25.0.3:6650',
operationTimeoutSeconds: 30
});

// Create a consumer
const consumer = await client.subscribe({
topic: 'persistent://public/default/my-topic',
subscription: 'sub1',
subscriptionType: 'Shared',
ackTimeoutMs: 10000,
privateKeyPath: "./private.pem"
});

console.log(consumer)
// Receive messages
for (let i = 0; i < 10; i += 1) {
const msg = await consumer.receive();
console.log(msg.getData().toString());
consumer.acknowledge(msg);
}

await consumer.close();
await client.close();
})();
```

4. Run the consumer to receive encrypted messages.

**Input**

```shell
node consumer.js
```

5. In a new terminal tab, run the producer to produce encrypted messages.

**Input**

```shell
node producer.js
```

Now you can see the producer sends messages and the consumer receives messages successfully.

**Output**

This is from the producer side.

```
Sent message: my-message-0
Sent message: my-message-1
Sent message: my-message-2
Sent message: my-message-3
Sent message: my-message-4
Sent message: my-message-5
Sent message: my-message-6
Sent message: my-message-7
Sent message: my-message-8
Sent message: my-message-9
```

This is from the consumer side.

```
my-message-0
my-message-1
my-message-2
my-message-3
my-message-4
my-message-5
my-message-6
my-message-7
my-message-8
my-message-9
```

Pulsar encryption allows applications to encrypt messages at producers and decrypt messages at consumers. See [cookbook](cookbooks-encryption.md) for more details.
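
Review bot: the replacement sentence at the end of this hunk becomes the only end-to-end encryption guidance left on the Node.js page, while the commit message lists new snippets for Java/C++/Go only. Before dropping the walk-through, confirm the cookbook carries a Node.js example with `publicKeyPath` and `encryptionKey` on the producer and `privateKeyPath` on the consumer, otherwise Node.js users lose the only statement of which side holds which key. If the sample is carried over, two details in the removed text are worth clarifying on the way: the prerequisite reads "Pulsar C++ client 2.7.1 or later" in a Node.js tutorial, and the consumer connects to `pulsar://172.25.0.3:6650` while the producer uses `pulsar://localhost:6650`. The link text "cookbook" would also read better as the cookbook's actual title.
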
98 changes: 1 addition & 97 deletions site2/docs/client-libraries-python.md
Expand Up @@ -515,100 +515,4 @@ consumer = client.subscribe(

## End-to-end encryption

[End-to-end encryption](/cookbooks-encryption.md#docsNav) allows applications to encrypt messages at producers and decrypt messages at consumers.

### Configuration

To use the end-to-end encryption feature in the Python client, you need to configure `publicKeyPath` for producers and `privateKeyPath` for consumers.

```
publicKeyPath: "./public.pem"
privateKeyPath: "./private.pem"
```

### Tutorial

This section provides step-by-step instructions on how to use the end-to-end encryption feature in the Python client.

**Prerequisite**

- Pulsar Python client 2.7.1 or later

**Step**

1. Create both public and private key pairs.

**Input**

```shell
openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -pubout -out public.pem
```

2. Create a producer to send encrypted messages.

**Input**

```python
import pulsar

publicKeyPath = "./public.pem"
privateKeyPath = ""
crypto_key_reader = pulsar.CryptoKeyReader(publicKeyPath, privateKeyPath)
client = pulsar.Client('pulsar://localhost:6650')
producer = client.create_producer(topic='encryption', encryption_key='encryption', crypto_key_reader=crypto_key_reader)
producer.send('encryption message'.encode('utf8'))
print('sent message')
producer.close()
client.close()
```

3. Create a consumer to receive encrypted messages.

**Input**

```python
import pulsar

publicKeyPath = ""
privateKeyPath = "./private.pem"
crypto_key_reader = pulsar.CryptoKeyReader(publicKeyPath, privateKeyPath)
client = pulsar.Client('pulsar://localhost:6650')
consumer = client.subscribe(topic='encryption', subscription_name='encryption-sub', crypto_key_reader=crypto_key_reader)
msg = consumer.receive()
print("Received msg '{}' id = '{}'".format(msg.data(), msg.message_id()))
consumer.close()
client.close()
```

4. Run the consumer to receive encrypted messages.

**Input**

```shell
python consumer.py
```

5. In a new terminal tab, run the producer to produce encrypted messages.

**Input**

```shell
python producer.py
```

Now you can see the producer sends messages and the consumer receives messages successfully.

**Output**

This is from the producer side.

```
sent message
```

This is from the consumer side.

```
Received msg 'encryption message' id = '(0,0,-1,-1)'
```
Pulsar encryption allows applications to encrypt messages at producers and decrypt messages at consumers. See [cookbook](cookbooks-encryption.md) for more details.
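
Review bot: the removed Python samples depend on passing an empty string for the key the process does not hold (`privateKeyPath = ""` on the producer, `publicKeyPath = ""` on the consumer) to `pulsar.CryptoKeyReader`, and the one-line replacement does not carry that over. Make sure the single-sourced cookbook keeps a Python example showing this, since it is what tells readers the producer host never needs the private key file. The removed Configuration block also presents the options as `publicKeyPath`/`privateKeyPath`, while the Python code actually passes `encryption_key` and `crypto_key_reader`; the cookbook version should name the Python parameters.
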