On 20 Aug 2008, at 18:00, Eric Chamberlain wrote:

> We are exploring using Asterisk for a project and we are looking for a
> way to encrypt/decrypt the peer passwords stored in the realtime
> database (postgres).
>
> Ideally, we want to use a public key to encrypt the passwords before
> they go into the database and have Asterisk use a private key to
> decrypt the password as part of the call out process.
>
> Has anyone developed something like this?

I haven't done this in Asterisk, but we did do a selective encryption layer for a database on a non-VoIP project.

First - understand what you are protecting against: We wanted to be sure that if the backup/server/tapes/disk were stolen then the personal data in the database would not be accessible without the private key.

The way this worked was a bit Oracle specific, but the same concepts are available in Postgres.

Basically you have a base table containing the encrypted fields; this is what is stored on the disk. You then layer on a view (with appropriate triggers/stored procedures) and the application (Asterisk realtime in your case) uses this view. The view takes the encrypted fields from the base table and decrypts them before returning the data to the application.

The trick is that the key is stored in the user's login session (i.e. in memory) and is initialized at startup (either by typing or from somewhere that isn't the disk - think of a flash drive superglued to the wall :-) With Asterisk I'd be tempted to have it call me and I have to DTMF the key in!
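
The base table plus decrypting view layout described in the reply, sketched for PostgreSQL with the pgcrypto extension. This is an added example, not code from the thread; the table, view, column and setting names (`peers_base`, `peers`, `peer_pubkey`, `secret`, `peervault.privkey`) are assumptions, and the private key is assumed to have no passphrase.

```sql
-- Added example; every object and setting name here is hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Base table: the only form of the password that reaches disk and backups.
CREATE TABLE peers_base (
    name       text  PRIMARY KEY,
    secret_enc bytea NOT NULL          -- OpenPGP message, public-key encrypted
);

-- The public key may live in the database: it can encrypt but not decrypt.
CREATE TABLE peer_pubkey (
    id      int  PRIMARY KEY CHECK (id = 1),
    armored text NOT NULL              -- ASCII-armored OpenPGP public key
);

-- View the application queries instead of the base table.
-- current_setting() raises an error when the key was never loaded into this
-- session, so reads fail closed rather than returning ciphertext.
CREATE VIEW peers AS
SELECT name,
       pgp_pub_decrypt(secret_enc,
                       dearmor(current_setting('peervault.privkey'))) AS secret
FROM peers_base;

-- Writes through the view are encrypted with the public key only, so the
-- provisioning side never needs the private key.
CREATE FUNCTION peers_insert() RETURNS trigger LANGUAGE plpgsql AS $$
BEGIN
    INSERT INTO peers_base (name, secret_enc)
    SELECT NEW.name, pgp_pub_encrypt(NEW.secret, dearmor(k.armored))
    FROM peer_pubkey k
    WHERE k.id = 1;
    RETURN NEW;
END
$$;

CREATE TRIGGER peers_insert
    INSTEAD OF INSERT ON peers
    FOR EACH ROW EXECUTE PROCEDURE peers_insert();

-- At startup, on the connection that will read the view: load the armored
-- private key from off-disk input into session memory (psql variable syntax).
-- The value lasts for this session only and is never stored in a table.
SELECT set_config('peervault.privkey', :'privkey', false);

-- From here on, reads through the view return plaintext for this session.
SELECT name, secret FROM peers WHERE name = 'alice';
```

Statement logging (`log_statement`) would write the `set_config` call, key included, to the server log on disk, so keep it off for the session that loads the key.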