Re: [Dev] Is there a CryptoUtil available in C5?

2017-10-13 Thread Subhashinie Koshalya 
Hi all,

When using DefaultSecretRepository class [1] , which uses
JKSBasedCipherProvider [2] the string that can be encrypted limits to 245
characters.


​
Seems like it is due to the RSA algorighm [3]. If that is case, is there a
plan to facilitate encryption of larger blocks data for C5?

[1] https://github.com/wso2/carbon-secvault/blob/master/
components/org.wso2.carbon.secvault/src/main/java/org/wso2/carbon/secvault/
repository/DefaultSecretRepository.java
[2]
https://github.com/wso2/carbon-secvault/blob/master/components/org.wso2.carbon.secvault/src/main/java/org/wso2/carbon/secvault/cipher/JKSBasedCipherProvider.java
[3]
https://stackoverflow.com/questions/15470222/cipherinputstream-and-cipheroutputstream-are-not-generating-files

Regards,
Subhashinie
Intern | Software Engineering
WSO2, Inc. : http://wso2.com

Email : subhashi...@wso2.com


On Thu, Oct 12, 2017 at 12:37 PM, Subhashinie Koshalya  wrote:

> Hi all,
>
> Is there a way to know the maximum length of a string that can be
> encrypted using a key in wso2carbon.jks [1] or
> securevault.jks [2] while using DefaultSecretRepository.java [3].
>
> I have a RS256 encoded JWT which is about 900 characters long. When
> encrypting it by storing it in secrets.properties, it does not give a
> cipherText. This is all i get,
>
> ​
> Is it because of the length or are there any other constraints?
> Also is there a better way that I could store my token securely?
>
> [1] https://github.com/wso2/product-apim/blob/master/
> product/carbon-home/resources/security/wso2carbon.jks
> [2] https://github.com/wso2/carbon-secvault/blob/master/
> features/org.wso2.carbon.secvault.feature/resources/resources/security/
> securevault.jks
> [3] https://github.com/wso2/carbon-secvault/blob/master/
> components/org.wso2.carbon.secvault/src/main/java/org/
> wso2/carbon/secvault/repository/DefaultSecretRepository.java
>
> Thanks and regards,
> Subhashinie
> Intern | Software Engineering
> WSO2, Inc. : http://wso2.com
>
> Email : subhashi...@wso2.com
>
> On Mon, Oct 9, 2017 at 5:13 PM, Subhashinie Koshalya  > wrote:
>
>> Hi Thusitha and Niranjan,
>>
>> The requirement is to encrypt a JWT without having to store another
>> password or a key. Thanks a lot for the links. They seem to solve the
>> problem. I'll get back to you if it did not come out as expected.
>>
>> Thanks and regards,
>>
>> Subhashinie
>> Intern | Software Engineering
>> WSO2, Inc. : http://wso2.com
>>
>> Email : subhashi...@wso2.com
>>
>> On Mon, Oct 9, 2017 at 3:35 PM, Niranjan Karunanandham > > wrote:
>>
>>> Hi Subhashinie,
>>>
>>> In C5, the secure vault component is moved to a separate repo [1]. In
>>> order to encrypt your value, you need to get an instance of the secure
>>> vault and call the encrypt method in [2].
>>>
>>> [1] - https://github.com/wso2/carbon-secvault
>>> [2] - https://github.com/wso2/carbon-secvault/blob/master/tools/
>>> org.wso2.carbon.secvault.ciphertool/src/main/java/org/wso2/
>>> carbon/secvault/ciphertool/CipherTool.java
>>>
>>> Regards,
>>> Nira
>>>
>>> On Mon, Oct 9, 2017 at 3:32 PM, Thusitha Thilina Dayaratne <
>>> thusit...@wso2.com> wrote:
>>>
 Hi Subhashinie,

 C5 doesn't contain that particular class. Could you tell us what do you
 wanna achieve?
 If you want to encrypt/decrypt texts, you can use the secvault. You can
 refer [1] if that is your intention.

 [1] https://github.com/wso2/carbon-secvault/blob/master/samp
 les/org.wso2.carbon.secvault.samples.standalone/src/main/jav
 a/org/wso2/carbon/secvault/samples/standalone/Application.java

 Thanks
 Thusitha

 On Mon, Oct 9, 2017 at 3:25 PM, Subhashinie Koshalya <
 subhashi...@wso2.com> wrote:

> Hi all,
>
> I am supposed to store a token securely. Is there something similar to
> CryptoUtil [1] available in C5?
>
> [1] https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.ws
> o2.carbon.core/src/main/java/org/wso2/carbon/core/util/CryptoUtil.java
> 
>
> Thanks and regards,
> Subhashinie
> Intern | Software Engineering
> WSO2, Inc. : http://wso2.com
>
> Email : subhashi...@wso2.com
>



 --
 Thusitha Dayaratne
 WSO2 Inc. - lean . enterprise . middleware |  wso2.com

 Mobile  +94712756809 <+94%2071%20275%206809>
 Blog  alokayasoya.blogspot.com
 Abouthttp://about.me/thusithathilina
 


>>>
>>>
>>> --
>>>
>>>
>>> *Niranjan Karunanandham*
>>> Associate Technical Lead - WSO2 Inc.
>>> WSO2 Inc.: http://www.wso2.com
>>>
>>>
>>
>
___
Dev mailing list
Dev@wso2.org

Re: [Dev] Is there a CryptoUtil available in C5?

2017-10-12 Thread Subhashinie Koshalya 
Hi all,

Is there a way to know the maximum length of a string that can be encrypted
using a key in wso2carbon.jks [1] or
securevault.jks [2] while using DefaultSecretRepository.java [3].

I have a RS256 encoded JWT which is about 900 characters long. When
encrypting it by storing it in secrets.properties, it does not give a
cipherText. This is all i get,

​
Is it because of the length or are there any other constraints?
Also is there a better way that I could store my token securely?

[1]
https://github.com/wso2/product-apim/blob/master/product/carbon-home/resources/security/wso2carbon.jks
[2]
https://github.com/wso2/carbon-secvault/blob/master/features/org.wso2.carbon.secvault.feature/resources/resources/security/securevault.jks
[3]
https://github.com/wso2/carbon-secvault/blob/master/components/org.wso2.carbon.secvault/src/main/java/org/wso2/carbon/secvault/repository/DefaultSecretRepository.java

Thanks and regards,
Subhashinie
Intern | Software Engineering
WSO2, Inc. : http://wso2.com

Email : subhashi...@wso2.com

On Mon, Oct 9, 2017 at 5:13 PM, Subhashinie Koshalya 
wrote:

> Hi Thusitha and Niranjan,
>
> The requirement is to encrypt a JWT without having to store another
> password or a key. Thanks a lot for the links. They seem to solve the
> problem. I'll get back to you if it did not come out as expected.
>
> Thanks and regards,
>
> Subhashinie
> Intern | Software Engineering
> WSO2, Inc. : http://wso2.com
>
> Email : subhashi...@wso2.com
>
> On Mon, Oct 9, 2017 at 3:35 PM, Niranjan Karunanandham 
> wrote:
>
>> Hi Subhashinie,
>>
>> In C5, the secure vault component is moved to a separate repo [1]. In
>> order to encrypt your value, you need to get an instance of the secure
>> vault and call the encrypt method in [2].
>>
>> [1] - https://github.com/wso2/carbon-secvault
>> [2] - https://github.com/wso2/carbon-secvault/blob/master/tools/
>> org.wso2.carbon.secvault.ciphertool/src/main/java/org/
>> wso2/carbon/secvault/ciphertool/CipherTool.java
>>
>> Regards,
>> Nira
>>
>> On Mon, Oct 9, 2017 at 3:32 PM, Thusitha Thilina Dayaratne <
>> thusit...@wso2.com> wrote:
>>
>>> Hi Subhashinie,
>>>
>>> C5 doesn't contain that particular class. Could you tell us what do you
>>> wanna achieve?
>>> If you want to encrypt/decrypt texts, you can use the secvault. You can
>>> refer [1] if that is your intention.
>>>
>>> [1] https://github.com/wso2/carbon-secvault/blob/master/samp
>>> les/org.wso2.carbon.secvault.samples.standalone/src/main/jav
>>> a/org/wso2/carbon/secvault/samples/standalone/Application.java
>>>
>>> Thanks
>>> Thusitha
>>>
>>> On Mon, Oct 9, 2017 at 3:25 PM, Subhashinie Koshalya <
>>> subhashi...@wso2.com> wrote:
>>>
 Hi all,

 I am supposed to store a token securely. Is there something similar to
 CryptoUtil [1] available in C5?

 [1] https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.ws
 o2.carbon.core/src/main/java/org/wso2/carbon/core/util/CryptoUtil.java
 

 Thanks and regards,
 Subhashinie
 Intern | Software Engineering
 WSO2, Inc. : http://wso2.com

 Email : subhashi...@wso2.com

>>>
>>>
>>>
>>> --
>>> Thusitha Dayaratne
>>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>>
>>> Mobile  +94712756809 <+94%2071%20275%206809>
>>> Blog  alokayasoya.blogspot.com
>>> Abouthttp://about.me/thusithathilina
>>> 
>>>
>>>
>>
>>
>> --
>>
>>
>> *Niranjan Karunanandham*
>> Associate Technical Lead - WSO2 Inc.
>> WSO2 Inc.: http://www.wso2.com
>>
>>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Is there a CryptoUtil available in C5?

2017-10-09 Thread Subhashinie Koshalya 
Hi Thusitha and Niranjan,

The requirement is to encrypt a JWT without having to store another
password or a key. Thanks a lot for the links. They seem to solve the
problem. I'll get back to you if it did not come out as expected.

Thanks and regards,

Subhashinie
Intern | Software Engineering
WSO2, Inc. : http://wso2.com

Email : subhashi...@wso2.com

On Mon, Oct 9, 2017 at 3:35 PM, Niranjan Karunanandham 
wrote:

> Hi Subhashinie,
>
> In C5, the secure vault component is moved to a separate repo [1]. In
> order to encrypt your value, you need to get an instance of the secure
> vault and call the encrypt method in [2].
>
> [1] - https://github.com/wso2/carbon-secvault
> [2] - https://github.com/wso2/carbon-secvault/blob/master/
> tools/org.wso2.carbon.secvault.ciphertool/src/main/
> java/org/wso2/carbon/secvault/ciphertool/CipherTool.java
>
> Regards,
> Nira
>
> On Mon, Oct 9, 2017 at 3:32 PM, Thusitha Thilina Dayaratne <
> thusit...@wso2.com> wrote:
>
>> Hi Subhashinie,
>>
>> C5 doesn't contain that particular class. Could you tell us what do you
>> wanna achieve?
>> If you want to encrypt/decrypt texts, you can use the secvault. You can
>> refer [1] if that is your intention.
>>
>> [1] https://github.com/wso2/carbon-secvault/blob/master/samp
>> les/org.wso2.carbon.secvault.samples.standalone/src/main/
>> java/org/wso2/carbon/secvault/samples/standalone/Application.java
>>
>> Thanks
>> Thusitha
>>
>> On Mon, Oct 9, 2017 at 3:25 PM, Subhashinie Koshalya <
>> subhashi...@wso2.com> wrote:
>>
>>> Hi all,
>>>
>>> I am supposed to store a token securely. Is there something similar to
>>> CryptoUtil [1] available in C5?
>>>
>>> [1] https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.ws
>>> o2.carbon.core/src/main/java/org/wso2/carbon/core/util/CryptoUtil.java
>>> 
>>>
>>> Thanks and regards,
>>> Subhashinie
>>> Intern | Software Engineering
>>> WSO2, Inc. : http://wso2.com
>>>
>>> Email : subhashi...@wso2.com
>>>
>>
>>
>>
>> --
>> Thusitha Dayaratne
>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>
>> Mobile  +94712756809 <+94%2071%20275%206809>
>> Blog  alokayasoya.blogspot.com
>> Abouthttp://about.me/thusithathilina
>> 
>>
>>
>
>
> --
>
>
> *Niranjan Karunanandham*
> Associate Technical Lead - WSO2 Inc.
> WSO2 Inc.: http://www.wso2.com
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Is there a CryptoUtil available in C5?

2017-10-09 Thread Thusitha Thilina Dayaratne 
Hi Subhashinie,

C5 doesn't contain that particular class. Could you tell us what do you
wanna achieve?
If you want to encrypt/decrypt texts, you can use the secvault. You can
refer [1] if that is your intention.

[1]
https://github.com/wso2/carbon-secvault/blob/master/samples/org.wso2.carbon.secvault.samples.standalone/src/main/java/org/wso2/carbon/secvault/samples/standalone/Application.java


Thanks
Thusitha

On Mon, Oct 9, 2017 at 3:25 PM, Subhashinie Koshalya 
wrote:

> Hi all,
>
> I am supposed to store a token securely. Is there something similar to
> CryptoUtil [1] available in C5?
>
> [1] https://github.com/wso2/carbon-kernel/blob/4.4.x/core/
> org.wso2.carbon.core/src/main/java/org/wso2/carbon/core/
> util/CryptoUtil.java
> 
>
> Thanks and regards,
> Subhashinie
> Intern | Software Engineering
> WSO2, Inc. : http://wso2.com
>
> Email : subhashi...@wso2.com
>



-- 
Thusitha Dayaratne
WSO2 Inc. - lean . enterprise . middleware |  wso2.com

Mobile  +94712756809
Blog  alokayasoya.blogspot.com
Abouthttp://about.me/thusithathilina

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Is there a CryptoUtil available in C5?

2017-10-09 Thread Subhashinie Koshalya 
Hi all,

I am supposed to store a token securely. Is there something similar to
CryptoUtil [1] available in C5?

[1]
https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.core/src/main/java/org/wso2/carbon/core/util/CryptoUtil.java


Thanks and regards,
Subhashinie
Intern | Software Engineering
WSO2, Inc. : http://wso2.com

Email : subhashi...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Is there a CryptoUtil available in C5?

2017-10-09 Thread Niranjan Karunanandham 
Hi Subhashinie,

In C5, the secure vault component is moved to a separate repo [1]. In order
to encrypt your value, you need to get an instance of the secure vault and
call the encrypt method in [2].

[1] - https://github.com/wso2/carbon-secvault
[2] -
https://github.com/wso2/carbon-secvault/blob/master/tools/org.wso2.carbon.secvault.ciphertool/src/main/java/org/wso2/carbon/secvault/ciphertool/CipherTool.java

Regards,
Nira

On Mon, Oct 9, 2017 at 3:32 PM, Thusitha Thilina Dayaratne <
thusit...@wso2.com> wrote:

> Hi Subhashinie,
>
> C5 doesn't contain that particular class. Could you tell us what do you
> wanna achieve?
> If you want to encrypt/decrypt texts, you can use the secvault. You can
> refer [1] if that is your intention.
>
> [1] https://github.com/wso2/carbon-secvault/blob/master/
> samples/org.wso2.carbon.secvault.samples.standalone/
> src/main/java/org/wso2/carbon/secvault/samples/standalone/Application.java
>
>
> Thanks
> Thusitha
>
> On Mon, Oct 9, 2017 at 3:25 PM, Subhashinie Koshalya  > wrote:
>
>> Hi all,
>>
>> I am supposed to store a token securely. Is there something similar to
>> CryptoUtil [1] available in C5?
>>
>> [1] https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.
>> wso2.carbon.core/src/main/java/org/wso2/carbon/core/util/CryptoUtil.java
>> 
>>
>> Thanks and regards,
>> Subhashinie
>> Intern | Software Engineering
>> WSO2, Inc. : http://wso2.com
>>
>> Email : subhashi...@wso2.com
>>
>
>
>
> --
> Thusitha Dayaratne
> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>
> Mobile  +94712756809 <+94%2071%20275%206809>
> Blog  alokayasoya.blogspot.com
> Abouthttp://about.me/thusithathilina
> 
>
>


-- 


*Niranjan Karunanandham*
Associate Technical Lead - WSO2 Inc.
WSO2 Inc.: http://www.wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev