16. Support for RTI Persistence Service

RTI Persistence Service is compatible with the RTI Security Plugins. To store persisted data protected, Persistence Service must use a configuration whose domain_participant_qos includes security properties for:

  1. Dynamically loading the security libraries (see Dynamic Linking), and

  2. Using a Governance File that sets data_protection_kind to a value other than NONE for the desired topics (see Governance File).


To run Persistence Service with the Security Plugins, the %PATH% or $LD_LIBRARY_PATH environment variable must include RTI and OpenSSL DLLs or libraries.

When Persistence Service discovers a Topic, it creates a PRSTDataReader and a PRSTDataWriter. When security is enabled, these Endpoints will use Serialized Data Protection, at the level specified by the data_protection_kind Governance Rule (see data_protection_kind (topic_rule)).

The PRSTDataReader receives data from the Connext Databus and verifies (and potentially decrypts) it. The PRSTDataWriter then applies Serialized Data Protection to the data with its own Sender Key before inserting it into the database. The stored encoded data includes the payload and the metadata necessary to verify (and potentially decrypt) it, such as the Crypto Header and Crypto Footer.

When Persistence Service reads the database’s data, the PRSTDataWriter does NOT verify the MAC stored with the data before sending it on the wire. It is up to the user DataReaders to verify the MAC. Consequently, if an attacker alters the database’s data, the PRSTDataWriter will resend the tampered data many times over the wire until the reliability protocol causes the data to be lost.

Persistence Service encrypts and stores the PRSTDataWriter’s Sender Key in the database row containing information about the writer. The encryption key is the output of a derivation function whose input is the dds.data_writer.history.key_material_key property (see Table 16.1) and the cryptography plugin implementation determines both the key derivation function and the encryption algorithm. For details on the Security Plugins’ key derivation function and encryption algorithms, see Interactions with Persistence Service.

In Security Plugins, the Key Derivation Function involves PBKDF2 (Password-Based Key Derivation Function) with SHA-512 (Secure Hash Algorithm with a 512-bit hash value) and a random salt, and the encryption algorithm involves AES-256-GCM. The Key Derivation Function derives both the key and the IV (Initialization Vector) used in the encryption. Persistence Service stores the random salt along with the PRSTDataWriter’s encrypted key.

When Persistence Service restarts, the new PRSTDataWriter uses the Sender Key from the previous PRSTDataWriter, which it securely exchanges with user DataReaders to allow them to decrypt the data correctly. For this reason, to read the data from the database, Persistence Service needs to load the same configuration it previously used to write data into the database. If Persistence Service restarts with a different configuration (e.g., wrong value for dds.data_writer.history.key_material_key), Persistence Service creation will fail.

Table 16.1 Properties for Configuring Secure Persistence Service

Property Name

Property Value Description



The basis of the cryptographic material used to derive the key to encrypt the PRSTDataWriter’s Key Material. This property may be specified in either the DomainParticipantQos or the DataWriterQos.

Attempting to restore encrypted data using a nonexistent or incorrect key_material_key will result in an informative log message and failure to create Persistence Service.

You may specify either the file name or the document contents:

  • If specifying the file name, the property value may optionally have the prefix file: (no space after the colon), followed by the fully qualified path and name of the file.

  • If specifying the contents of the document, the property value must have the prefix data:, (no space after the comma), followed by the contents inside the document. For example: data:,myPassword.

The length of the key_material_key contents may not exceed 2,147,483,647 bytes.

String. When this key is provided as a String, it is recommended that you take the appropriate measures to protect any configuration XML file containing this key, or alternatively to securely retrieve and set up this property programmatically. Similarly, when this key is provided as a path to a file, it is recommended that you take the appropriate measures to protect the file containing the pre-shared key.

Default: NULL