Re: [Dev] Is there a CryptoUtil available in C5?

2017-10-13 Thread Subhashinie Koshalya 
Hi all,

When using DefaultSecretRepository class [1] , which uses
JKSBasedCipherProvider [2] the string that can be encrypted limits to 245
characters.


​
Seems like it is due to the RSA algorighm [3]. If that is case, is there a
plan to facilitate encryption of larger blocks data for C5?

[1] https://github.com/wso2/carbon-secvault/blob/master/
components/org.wso2.carbon.secvault/src/main/java/org/wso2/carbon/secvault/
repository/DefaultSecretRepository.java
[2]
https://github.com/wso2/carbon-secvault/blob/master/components/org.wso2.carbon.secvault/src/main/java/org/wso2/carbon/secvault/cipher/JKSBasedCipherProvider.java
[3]
https://stackoverflow.com/questions/15470222/cipherinputstream-and-cipheroutputstream-are-not-generating-files

Regards,
Subhashinie
Intern | Software Engineering
WSO2, Inc. : http://wso2.com

Email : subhashi...@wso2.com


On Thu, Oct 12, 2017 at 12:37 PM, Subhashinie Koshalya <subhashi...@wso2.com
> wrote:

> Hi all,
>
> Is there a way to know the maximum length of a string that can be
> encrypted using a key in wso2carbon.jks [1] or
> securevault.jks [2] while using DefaultSecretRepository.java [3].
>
> I have a RS256 encoded JWT which is about 900 characters long. When
> encrypting it by storing it in secrets.properties, it does not give a
> cipherText. This is all i get,
>
> ​
> Is it because of the length or are there any other constraints?
> Also is there a better way that I could store my token securely?
>
> [1] https://github.com/wso2/product-apim/blob/master/
> product/carbon-home/resources/security/wso2carbon.jks
> [2] https://github.com/wso2/carbon-secvault/blob/master/
> features/org.wso2.carbon.secvault.feature/resources/resources/security/
> securevault.jks
> [3] https://github.com/wso2/carbon-secvault/blob/master/
> components/org.wso2.carbon.secvault/src/main/java/org/
> wso2/carbon/secvault/repository/DefaultSecretRepository.java
>
> Thanks and regards,
> Subhashinie
> Intern | Software Engineering
> WSO2, Inc. : http://wso2.com
>
> Email : subhashi...@wso2.com
>
> On Mon, Oct 9, 2017 at 5:13 PM, Subhashinie Koshalya <subhashi...@wso2.com
> > wrote:
>
>> Hi Thusitha and Niranjan,
>>
>> The requirement is to encrypt a JWT without having to store another
>> password or a key. Thanks a lot for the links. They seem to solve the
>> problem. I'll get back to you if it did not come out as expected.
>>
>> Thanks and regards,
>>
>> Subhashinie
>> Intern | Software Engineering
>> WSO2, Inc. : http://wso2.com
>>
>> Email : subhashi...@wso2.com
>>
>> On Mon, Oct 9, 2017 at 3:35 PM, Niranjan Karunanandham <niran...@wso2.com
>> > wrote:
>>
>>> Hi Subhashinie,
>>>
>>> In C5, the secure vault component is moved to a separate repo [1]. In
>>> order to encrypt your value, you need to get an instance of the secure
>>> vault and call the encrypt method in [2].
>>>
>>> [1] - https://github.com/wso2/carbon-secvault
>>> [2] - https://github.com/wso2/carbon-secvault/blob/master/tools/
>>> org.wso2.carbon.secvault.ciphertool/src/main/java/org/wso2/
>>> carbon/secvault/ciphertool/CipherTool.java
>>>
>>> Regards,
>>> Nira
>>>
>>> On Mon, Oct 9, 2017 at 3:32 PM, Thusitha Thilina Dayaratne <
>>> thusit...@wso2.com> wrote:
>>>
>>>> Hi Subhashinie,
>>>>
>>>> C5 doesn't contain that particular class. Could you tell us what do you
>>>> wanna achieve?
>>>> If you want to encrypt/decrypt texts, you can use the secvault. You can
>>>> refer [1] if that is your intention.
>>>>
>>>> [1] https://github.com/wso2/carbon-secvault/blob/master/samp
>>>> les/org.wso2.carbon.secvault.samples.standalone/src/main/jav
>>>> a/org/wso2/carbon/secvault/samples/standalone/Application.java
>>>>
>>>> Thanks
>>>> Thusitha
>>>>
>>>> On Mon, Oct 9, 2017 at 3:25 PM, Subhashinie Koshalya <
>>>> subhashi...@wso2.com> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I am supposed to store a token securely. Is there something similar to
>>>>> CryptoUtil [1] available in C5?
>>>>>
>>>>> [1] https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.ws
>>>>> o2.carbon.core/src/main/java/org/wso2/carbon/core/util/CryptoUtil.java
>>>>> <https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Fwso2%2Fcarbon-kernel%2Fblob%2F4.4.x%2Fcore%2Forg.wso2.carbon.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fwso2%2Fcarbon%2Fcore%2Futil%2FCryptoUtil.java=D=1=AFQjCNF

Re: [Dev] Is there a CryptoUtil available in C5?

2017-10-12 Thread Subhashinie Koshalya 
Hi all,

Is there a way to know the maximum length of a string that can be encrypted
using a key in wso2carbon.jks [1] or
securevault.jks [2] while using DefaultSecretRepository.java [3].

I have a RS256 encoded JWT which is about 900 characters long. When
encrypting it by storing it in secrets.properties, it does not give a
cipherText. This is all i get,

​
Is it because of the length or are there any other constraints?
Also is there a better way that I could store my token securely?

[1]
https://github.com/wso2/product-apim/blob/master/product/carbon-home/resources/security/wso2carbon.jks
[2]
https://github.com/wso2/carbon-secvault/blob/master/features/org.wso2.carbon.secvault.feature/resources/resources/security/securevault.jks
[3]
https://github.com/wso2/carbon-secvault/blob/master/components/org.wso2.carbon.secvault/src/main/java/org/wso2/carbon/secvault/repository/DefaultSecretRepository.java

Thanks and regards,
Subhashinie
Intern | Software Engineering
WSO2, Inc. : http://wso2.com

Email : subhashi...@wso2.com

On Mon, Oct 9, 2017 at 5:13 PM, Subhashinie Koshalya <subhashi...@wso2.com>
wrote:

> Hi Thusitha and Niranjan,
>
> The requirement is to encrypt a JWT without having to store another
> password or a key. Thanks a lot for the links. They seem to solve the
> problem. I'll get back to you if it did not come out as expected.
>
> Thanks and regards,
>
> Subhashinie
> Intern | Software Engineering
> WSO2, Inc. : http://wso2.com
>
> Email : subhashi...@wso2.com
>
> On Mon, Oct 9, 2017 at 3:35 PM, Niranjan Karunanandham <niran...@wso2.com>
> wrote:
>
>> Hi Subhashinie,
>>
>> In C5, the secure vault component is moved to a separate repo [1]. In
>> order to encrypt your value, you need to get an instance of the secure
>> vault and call the encrypt method in [2].
>>
>> [1] - https://github.com/wso2/carbon-secvault
>> [2] - https://github.com/wso2/carbon-secvault/blob/master/tools/
>> org.wso2.carbon.secvault.ciphertool/src/main/java/org/
>> wso2/carbon/secvault/ciphertool/CipherTool.java
>>
>> Regards,
>> Nira
>>
>> On Mon, Oct 9, 2017 at 3:32 PM, Thusitha Thilina Dayaratne <
>> thusit...@wso2.com> wrote:
>>
>>> Hi Subhashinie,
>>>
>>> C5 doesn't contain that particular class. Could you tell us what do you
>>> wanna achieve?
>>> If you want to encrypt/decrypt texts, you can use the secvault. You can
>>> refer [1] if that is your intention.
>>>
>>> [1] https://github.com/wso2/carbon-secvault/blob/master/samp
>>> les/org.wso2.carbon.secvault.samples.standalone/src/main/jav
>>> a/org/wso2/carbon/secvault/samples/standalone/Application.java
>>>
>>> Thanks
>>> Thusitha
>>>
>>> On Mon, Oct 9, 2017 at 3:25 PM, Subhashinie Koshalya <
>>> subhashi...@wso2.com> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I am supposed to store a token securely. Is there something similar to
>>>> CryptoUtil [1] available in C5?
>>>>
>>>> [1] https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.ws
>>>> o2.carbon.core/src/main/java/org/wso2/carbon/core/util/CryptoUtil.java
>>>> <https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Fwso2%2Fcarbon-kernel%2Fblob%2F4.4.x%2Fcore%2Forg.wso2.carbon.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fwso2%2Fcarbon%2Fcore%2Futil%2FCryptoUtil.java=D=1=AFQjCNFa-kaDwli9i1_NxpuiICc_giCn_g>
>>>>
>>>> Thanks and regards,
>>>> Subhashinie
>>>> Intern | Software Engineering
>>>> WSO2, Inc. : http://wso2.com
>>>>
>>>> Email : subhashi...@wso2.com
>>>>
>>>
>>>
>>>
>>> --
>>> Thusitha Dayaratne
>>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>>
>>> Mobile  +94712756809 <+94%2071%20275%206809>
>>> Blog  alokayasoya.blogspot.com
>>> Abouthttp://about.me/thusithathilina
>>> <http://wso2.com/signature>
>>>
>>>
>>
>>
>> --
>>
>>
>> *Niranjan Karunanandham*
>> Associate Technical Lead - WSO2 Inc.
>> WSO2 Inc.: http://www.wso2.com
>>
>>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Is there a CryptoUtil available in C5?

2017-10-09 Thread Subhashinie Koshalya 
Hi Thusitha and Niranjan,

The requirement is to encrypt a JWT without having to store another
password or a key. Thanks a lot for the links. They seem to solve the
problem. I'll get back to you if it did not come out as expected.

Thanks and regards,

Subhashinie
Intern | Software Engineering
WSO2, Inc. : http://wso2.com

Email : subhashi...@wso2.com

On Mon, Oct 9, 2017 at 3:35 PM, Niranjan Karunanandham <niran...@wso2.com>
wrote:

> Hi Subhashinie,
>
> In C5, the secure vault component is moved to a separate repo [1]. In
> order to encrypt your value, you need to get an instance of the secure
> vault and call the encrypt method in [2].
>
> [1] - https://github.com/wso2/carbon-secvault
> [2] - https://github.com/wso2/carbon-secvault/blob/master/
> tools/org.wso2.carbon.secvault.ciphertool/src/main/
> java/org/wso2/carbon/secvault/ciphertool/CipherTool.java
>
> Regards,
> Nira
>
> On Mon, Oct 9, 2017 at 3:32 PM, Thusitha Thilina Dayaratne <
> thusit...@wso2.com> wrote:
>
>> Hi Subhashinie,
>>
>> C5 doesn't contain that particular class. Could you tell us what do you
>> wanna achieve?
>> If you want to encrypt/decrypt texts, you can use the secvault. You can
>> refer [1] if that is your intention.
>>
>> [1] https://github.com/wso2/carbon-secvault/blob/master/samp
>> les/org.wso2.carbon.secvault.samples.standalone/src/main/
>> java/org/wso2/carbon/secvault/samples/standalone/Application.java
>>
>> Thanks
>> Thusitha
>>
>> On Mon, Oct 9, 2017 at 3:25 PM, Subhashinie Koshalya <
>> subhashi...@wso2.com> wrote:
>>
>>> Hi all,
>>>
>>> I am supposed to store a token securely. Is there something similar to
>>> CryptoUtil [1] available in C5?
>>>
>>> [1] https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.ws
>>> o2.carbon.core/src/main/java/org/wso2/carbon/core/util/CryptoUtil.java
>>> <https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Fwso2%2Fcarbon-kernel%2Fblob%2F4.4.x%2Fcore%2Forg.wso2.carbon.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fwso2%2Fcarbon%2Fcore%2Futil%2FCryptoUtil.java=D=1=AFQjCNFa-kaDwli9i1_NxpuiICc_giCn_g>
>>>
>>> Thanks and regards,
>>> Subhashinie
>>> Intern | Software Engineering
>>> WSO2, Inc. : http://wso2.com
>>>
>>> Email : subhashi...@wso2.com
>>>
>>
>>
>>
>> --
>> Thusitha Dayaratne
>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>
>> Mobile  +94712756809 <+94%2071%20275%206809>
>> Blog  alokayasoya.blogspot.com
>> Abouthttp://about.me/thusithathilina
>> <http://wso2.com/signature>
>>
>>
>
>
> --
>
>
> *Niranjan Karunanandham*
> Associate Technical Lead - WSO2 Inc.
> WSO2 Inc.: http://www.wso2.com
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Is there a CryptoUtil available in C5?

2017-10-09 Thread Subhashinie Koshalya 
Hi all,

I am supposed to store a token securely. Is there something similar to
CryptoUtil [1] available in C5?

[1]
https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.core/src/main/java/org/wso2/carbon/core/util/CryptoUtil.java


Thanks and regards,
Subhashinie
Intern | Software Engineering
WSO2, Inc. : http://wso2.com

Email : subhashi...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev