Hitachi Vantara Pentaho Community Forums
Results 1 to 3 of 3

Thread: How to encrypt the ktr abd kjb file?

  1. #1
    Join Date
    Sep 2014

    Default How to encrypt the ktr abd kjb file?

    we are developed the ktr and kjb local file but we do not want the man to see the content just invoke rights。

    How to encrypt the ktr abd kjb file?

  2. #2
    Join Date
    Feb 2009


    Hi, do you really want to do that???

    if the answer is yes, you should use symmetric Cryptography step. You will need to load the content first.

    for decrypting you only need to change "operation" to decrypt.

    PD: Are you completely sure you want that?
    "Probaste con un yogurt?"

  3. #3


    I'm lost on why anyone would need/want to encrypt their jobs or transformations on-disk.

    Are you running these PDI jobs or transformations on your own servers? If so, implement Full Disk Encryption (via Bitlocker or LUKS), configure OS & file security properly, and move on.
    Is a third-party running these on behalf of your business? Use your business agreements and contracts to enforce best practices on the servers where your data is processed.
    Are you selling these as a service to another company that will use these for their own datasets? Use your business agreements and contracts to prevent them from re-selling and/or refuse to support them if modifications are made.

    PDI has built-in cryptography tools, including the ability to encrypt passwords (AES is built-in for EE, or write your own plugin). Trying to encrypt/decrypt entire KJBs and KTRs is certainly possible, but it requires you writing a whole KJB/KTR framework (or Java application) to handle this process, before even running the business-logic KJB/KTR files. Additional points for failure, and good luck getting support on that. Your developers will hate you when you call them at 3 AM if your customer loses their decryption key.

    If there's confidental IP that still can't be secured through the above, then write it as a custom PDI step/job entry, and obfuscate the compiled Java classes using some 3rd-party tool (e.g. Proguard). This is a similar method to how the entire Pentaho EE suite is built, and seems to work pretty well for the company.

    You should probably spend more time into reviewing any requirements there are for your project. Are you securing your KJBs and KTRs for Intellectual Property reasons or are you securing the data passing through the files? What happens when you use 'Sort Rows', and it writes data to files on disk? That's not encrypted. If instead you're just trying to check a box to make a sale to a new customer, the customer may not understand what they're asking either.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
Privacy Policy | Legal Notices | Safe Harbor Privacy Policy

Copyright © 2005 - 2019 Hitachi Vantara Corporation. All Rights Reserved.