I'd be interested in some comments here also :)

Jacques

Hans Bakker wrote:
> Hi Adam,
>
> thanks for adding this feature, I would really love to use it, however is
> it possible to provide more info than the information below? As far as I
> can see:
>
> 1. generate a kek text with the "./ant gen-kek" command
> 2. add this text to entity-engine.xml :
>    <delegator key-encrypting-key="$kekText"/>
>    (is that at the root level? not yet added to the xsd?)
> 3. add this text to the TenantKeyEncryptingKey entity for the related tenant
>    does this affect the postgres datasource password?
>
> Is this all? How about existing tenants? How can we use this feature for
> that?
>
> Thanks in advance for your help,
>
> regards,
> Hans
>
> On 05/08/2012 04:27 AM, [email protected] wrote:
>> Author: doogie
>> Date: Mon May 7 21:27:32 2012
>> New Revision: 1335268
>>
>> URL: http://svn.apache.org/viewvc?rev=1335268&view=rev
>> Log:
>> FEATURE: Key-encrypting-key(kek) support is now enabled. To enable
>> support for this, run:
>>
>> java org.ofbiz.base.crypto.Main -kek
>>
>> and paste that value as a new attribute in entityengine.xml, <delegator
>> key-encrypting-key="$kekText"/>. Make certain to add that attribute to
>> *all* delegators that share the same datasources.
>>
>> ps: That java command should really be added to build.xml.
>>
>> Modified:
>> ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java
>>
>> Modified:
>> ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java
>> URL:
>> http://svn.apache.org/viewvc/ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java?rev=1335268&r1=1335267&r2=1335268&view=diff
>> ==============================================================================
>> --- >> ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java >> (original) +++ >> ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java Mon >> May 7 21:27:32 2012 
@@ -63,7 +63,7 @@ public final >> class EntityCrypto { throw new EntityCryptoException(e); >> } >> handlers = new StorageHandler[] { >> - // new SaltedBase64StorageHandler(kek), >> + new SaltedBase64StorageHandler(kek), >> NormalHashStorageHandler, >> OldFunnyHashStorageHandler, >> };
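
Review bot: the newly enabled "new SaltedBase64StorageHandler(kek)" entry at the top of the handlers array is constructed unconditionally, and nothing in this hunk shows what kek holds when a delegator has no key-encrypting-key attribute configured. Please either guard the entry on kek being set or add a comment stating how the handler behaves without a kek, so that installations which have not yet pasted the attribute keep working through the NormalHashStorageHandler and OldFunnyHashStorageHandler entries that follow. Since the log says the attribute must be added to all delegators sharing a datasource, and this revision modifies only EntityCrypto.java, the attribute also needs documenting (and, per the log's own ps, the generator command wiring into build.xml) in a follow-up.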
