This is an automated email from the ASF dual-hosted git repository.
vavrtom pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
The following commit(s) were added to refs/heads/main by this push:
new 0edcd95d00 QPID-8663: [Broker-J] Deprecate AESKeyFileEncrypter (#231)
0edcd95d00 is described below
commit 0edcd95d0064a3bc478a8bf814ff52525433f0e4
Author: Daniil Kirilyuk <[email protected]>
AuthorDate: Wed Jan 3 09:13:54 2024 +0100
QPID-8663: [Broker-J] Deprecate AESKeyFileEncrypter (#231)
---
.../security/encryption/AESKeyFileEncrypter.java | 4 +++
.../encryption/AESKeyFileEncrypterFactory.java | 4 +++
.../encryption/AESKeyFileEncrypterTest.java | 4 +++
...va-Broker-Security-Configuration-Encryption.xml | 30 +++++++++++++---------
4 files changed, 30 insertions(+), 12 deletions(-)
diff --git
a/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypter.java
b/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypter.java
index d4a4ace3c2..ad45a3cf3e 100644
---
a/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypter.java
+++
b/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypter.java
@@ -36,6 +36,10 @@ import javax.crypto.spec.IvParameterSpec;
import org.apache.qpid.server.util.Strings;
+/**
+ * Class is deprecated in favor of AESGCMKeyFileEncrypter, it will be deleted
in one of the next releases
+ */
+@Deprecated(since = "9.1.1", forRemoval = true)
class AESKeyFileEncrypter implements ConfigurationSecretEncrypter
{
private static final String CIPHER_NAME = "AES/CBC/PKCS5Padding";
diff --git
a/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterFactory.java
b/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterFactory.java
index 7eaf08f5ed..6dd0b25447 100644
---
a/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterFactory.java
+++
b/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterFactory.java
@@ -24,7 +24,11 @@ import javax.crypto.spec.SecretKeySpec;
import org.apache.qpid.server.plugin.PluggableService;
+/**
+ * Class is deprecated in favor of AESGCMKeyFileEncrypterFactory, it will be
deleted in one of the next releases
+ */
@PluggableService
+@Deprecated(since = "9.1.1", forRemoval = true)
public class AESKeyFileEncrypterFactory extends
AbstractAESKeyFileEncrypterFactory
{
public static final String TYPE = "AESKeyFile";
diff --git
a/broker-core/src/test/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterTest.java
b/broker-core/src/test/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterTest.java
index a531382342..9162201cc3 100644
---
a/broker-core/src/test/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterTest.java
+++
b/broker-core/src/test/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterTest.java
@@ -42,6 +42,10 @@ import org.junit.jupiter.api.Test;
import org.apache.qpid.test.utils.UnitTestBase;
+/**
+ * Unit test is deprecated due to deprecation of AESGCMKeyFileEncrypter, it
will be deleted in one of the next releases
+ */
+@Deprecated(since = "9.1.1", forRemoval = true)
public class AESKeyFileEncrypterTest extends UnitTestBase
{
private final SecureRandom _random = new SecureRandom();
diff --git
a/doc/java-broker/src/docbkx/security/Java-Broker-Security-Configuration-Encryption.xml
b/doc/java-broker/src/docbkx/security/Java-Broker-Security-Configuration-Encryption.xml
index 3dc00d9e65..2f5cfe9810 100644
---
a/doc/java-broker/src/docbkx/security/Java-Broker-Security-Configuration-Encryption.xml
+++
b/doc/java-broker/src/docbkx/security/Java-Broker-Security-Configuration-Encryption.xml
@@ -24,33 +24,39 @@
<title>Configuration Encryption</title>
<para> The Broker is capable of encrypting passwords and other security
items stored in the
Broker's configuration. This is means that items such as
keystore/truststore passwords, JDBC
- passwords, and LDAP passwords can be stored in the configure in a form
that is difficult to
+ passwords, and LDAP passwords can be stored in the configuration in a form
that is difficult to
read.</para>
- <para>The Broker ships with an encryptor implementation called
<literal>AESKeyFile</literal>. This
- uses a securely generated random key of 256bit<footnote><para>Java
Cryptography Extension (JCE)
- Unlimited Strength required</para></footnote> to encrypt the secrets
stored within a key
- file. Of course, the key itself must be guarded carefully, otherwise the
passwords encrypted
- with it may be compromised. For this reason, the Broker ensures that the
file's permissions
- allow the file to be read exclusively by the user account used for running
the Broker.</para>
+ <para>The Broker ships with an encryptor implementations called
<literal>AESGCMKeyFile</literal> and
+ <literal>AESKeyFile</literal>. This uses a securely generated random key
of 256bit
+ <footnote><para>Java Cryptography Extension (JCE) Unlimited Strength
required</para></footnote>
+ to encrypt the secrets stored within a key file. Of course, the key itself
must be guarded carefully,
+ otherwise the passwords encrypted with it may be compromised. For this
reason, the Broker ensures
+ that the file's permissions allow the file to be read exclusively by the
user account used for running
+ the Broker.</para>
+ <important>
+ <para>AESKeyFile encryptor is considered as not safe, it is deprecated and
will be removed in one of the
+ next releases. AESGCMKeyFile encryptor should be used instead.</para>
+ </important>
<important>
<para>If the keyfile is lost or corrupted, the secrets will be
irrecoverable.</para>
</important>
<section
xml:id="Java-Broker-Security-Configuration-Encryption-Configuration">
<title>Configuration</title>
- <para>The <literal>AESKeyFile</literal> encyptor provider is
enabled/disabled via the <link
linkend="Java-Broker-Management-Managing-Broker">Broker attributes</link>
within the
- Web Management Console. On enabling the provider, any existing
passwords within the
+ <para>The <literal>AESGCMKeyFile</literal> or
<literal>AESKeyFile</literal> encryptor providers are
+ enabled/disabled via the <link
linkend="Java-Broker-Management-Managing-Broker">Broker attributes</link>
+ within the Web Management Console. On enabling the provider, any
existing passwords within the
configuration will be automatically rewritten in the encrypted
form.</para>
<para>Note that passwords stored by the Authentication Providers <link
linkend="Java-Broker-Security-PlainPasswordFile-Provider">PlainPasswordFile</link>
and.
- <link
linkend="Java-Broker-Security-Base64MD5PasswordFile-Provider">PlainPasswordFile</link>
+ <link
linkend="Java-Broker-Security-Base64MD5PasswordFile-Provider">PlainPasswordFile</link>
with the external password files are <emphasis>not</emphasis> encrypted
by the key. Use the
Scram Authentication Managers instead; these make use of the
Configuration Encryption when
storing the users' passwords. </para>
</section>
<section
xml:id="Java-Broker-Security-Configuration-Encryption-Alternate-Implementations">
<title>Alternate Implementations</title>
- <para>If the <literal>AESKeyFile</literal> encryptor implementation does
not meet the needs of
+ <para>If the <literal>AESGCMKeyFile</literal> encryptor implementation
does not meet the needs of
the user, perhaps owing to the security standards of their institution,
the
- <literal>ConfigurationSecretEncrypter</literal> interface is designed
as an extension point.
+ <literal>ConfigurationSecretEncrypter</literal> interface is designed as
an extension point.
Users may implement their own implementation of
ConfigurationSecretEncrypter perhaps to employ
stronger encryption or delegating the storage of the key to an
Enterprise Password
Safe.</para>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
