Skip to content
You are reading GoQuorum development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

Configure cryptographic elliptic curves

By default, the Tessera enclave uses the jnacl implementation of the NaCl library to encrypt and decrypt private payloads.

The NaCl primitives provide good security and speed and this is sufficient in most circumstances.

You can configure alternative curves and symmetric ciphers by specifying encryptor in the Tessera configuration file.

Configure an alternative cryptographic elliptic curve

In the encryptor configuration item, you can provide a compatible JCA provider (for example, SunEC provider).

Note

The same enclave encryption process is used regardless of whether the NaCl or JCA encryptor is configured.

JCA encryptor configuration

"encryptor":{
    "type":"EC",
    "properties":{
        "symmetricCipher":"AES/GCM/NoPadding",
        "ellipticCurve":"secp256r1",
        "nonceLength":"24",
        "sharedKeyLength":"32"
    }
}

If type is set to CUSTOM, support is provided for an external encryptor implementation to integrate with Tessera. The kalium support module is configured as a custom encryptor. The pilot third party integration is Unbound Tech’s Unbound Key Control (UKC) encryptor (jar available at com.github.unbound-tech:encryption-ub:<version>).

ConsenSys has acquired Quorum from J.P. Morgan. Please read the FAQ.
Questions or feedback? You can discuss issues and obtain free support on Tessera Slack channel.
For paid professional support by ConsenSys, contact us at [email protected].