[ https://issues.apache.org/jira/browse/GERONIMO-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Jencks updated GERONIMO-2925:
-----------------------------------

    Attachment: GERONIMO-2925.patch

I've implemented a pluggable encryption system for passwords in the attached 
patch.

By default you get the old behavior with "{Simple}" encryption with a 
hard-coded key.  I think this is normally the best tradeoff, although I like no 
encryption and securing your machines even better.

If you want to have a fixed key generated by Geronimo you can add this gbean to 
the rmi-naming module in config.xml:

<gbean name="org.apache.geronimo.configs/rmi-naming/2.1-SNAPSHOT/car?name=ConfiguredEncryption,j2eeType=GBean"
       gbeanInfo="org.apache.geronimo.system.util.ConfiguredEncryption">
    <attribute name="path">var/security/ConfiguredSecretKey.ser</attribute>
    <reference name="ServerInfo"><pattern><name>ServerInfo</name></pattern></reference>
</gbean>

This will create a key the first time it's started; after that it will keep 
using the saved key at the location specified.  If you put a serialized 
SecretKeySpec there it will use it instead.

Of course using something like this leaves your system open to the key file 
changing or disappearing and losing all the saved password info.

I'd like some review of this before I commit it: it seems to work.

> Key used for encryption same for all server instances
> -----------------------------------------------------
>
>                 Key: GERONIMO-2925
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-2925
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues)
>          Components: security
>    Affects Versions: 1.1.1, 1.1.2, 1.1.x, 1.2, 2.0-M5
>            Reporter: Michael Malgeri
>            Assignee: David Jencks
>            Priority: Critical
>         Attachments: GERONIMO-2925.patch
>
>
> We understand that WASCE uses AES to encrypt the password.  You do 
> javax.crypto.Cipher.getInstance("AES") and init() with a hard-coded key.
> This key is the same for all the WASCE server instances.  Anyone getting access 
> to a downloaded version of the software can have the algorithm and decrypt 
> the password.  So we need your urgent help on the following:
> 1. provide a solution with key management that we can control
> 2. provide a pluggable encryption solution so that we can use our internal 
> algorithms and key management
> At least,
> 3. the key should be dynamically generated in each of the installations that 
> would reduce the ability to decrypt to someone who has access to the server.
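The key-file behaviour the comment describes (load a serialized SecretKeySpec from the configured path, generate and save one on first start, then use it for AES) sketched as an added Java example; this is not Geronimo's ConfiguredEncryption code, and the "{Configured}" prefix, the class name and the CBC-with-random-IV layout are assumptions:

```java
import java.io.*;
import java.nio.file.*;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.*;
import javax.crypto.spec.*;
// Illustrative stand-in for the ConfiguredEncryption gbean discussed above;
// added example code, not Geronimo's. The "{Configured}" marker is an assumed name.
public class ConfiguredEncryptionExample {
    private static final String PREFIX = "{Configured}";
    private final SecretKeySpec key;
    // Reuse the serialized SecretKeySpec at 'path' if present; otherwise generate one and save it.
    // That file is all that protects every stored password: back it up and restrict its permissions.
    public ConfiguredEncryptionExample(Path path) throws Exception {
        if (Files.exists(path)) {
            try (ObjectInputStream in = new ObjectInputStream(Files.newInputStream(path))) {
                key = (SecretKeySpec) in.readObject();
            }
        } else {
            KeyGenerator kg = KeyGenerator.getInstance("AES");
            kg.init(128);
            key = new SecretKeySpec(kg.generateKey().getEncoded(), "AES");
            Files.createDirectories(path.toAbsolutePath().getParent());
            try (ObjectOutputStream out = new ObjectOutputStream(Files.newOutputStream(path))) {
                out.writeObject(key);
            }
        }
    }
    // AES-CBC with a fresh random IV per value; the IV is stored in front of the ciphertext.
    public String encrypt(String plain) throws Exception {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain.getBytes("UTF-8"));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return PREFIX + Base64.getEncoder().encodeToString(out);
    }
    public String decrypt(String stored) throws Exception {
        if (!stored.startsWith(PREFIX)) return stored; // unencrypted values pass through unchanged
        byte[] all = Base64.getDecoder().decode(stored.substring(PREFIX.length()));
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(all, 0, 16));
        return new String(c.doFinal(all, 16, all.length - 16), "UTF-8");
    }
}
```

Constructing it with Paths.get("var/security/ConfiguredSecretKey.ser") and calling encrypt then decrypt round-trips a value; deleting or replacing the .ser file afterwards makes every previously stored value undecryptable, which is the failure mode the comment warns about.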

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
