Hello Team,
I want to use jasypt-encryption for my karaf based
application to secure configuration files. Now I am able to configure jasypt
encryption and karaf is running without error.
But I am not getting, how to provide a key for jasypt-encyption which is to be
used for encryption and decryption of password.
Also, I am not getting the way, how to provide an encrypted password for my
configuration file.
Need to know the exact steps for using jasypt-encryption to secure
configuration files of Karaf bundles.
I did the browsing for this but the results are confusing me.
Please help me to resolve this.
Thanks & regards,
Sneha Patange
From: Patange, Sneha
Sent: Monday, July 24, 2023 2:16 PM
To: user@karaf.apache.org
Subject: RE: Query for way to use Karaf 4.4.3 Jaas with jasypt encryption
Hello Jean,
Thanks for the reply with that I am able to resolve the error.
I have installed jasypt encryption feature using command "feature:install
jasypt-encryption" and now Karaf runs without any error.
Also, I have checked through the Karaf console if the feature is really
installed using the feature:list command, the output is as per below. Seems to
be it is correctly installed.
[cid:image001.png@01D9BF26.0F074F20]
Now I want to use the encrypted password for the bundle configuration file. For
that I have used the command "jasypt:encrypt password="my-password". But the
command not found error is thrown on the console. Can you please guide me to
resolve this?
How to provide the key to StringEncryptor service class which is used for the
encryption and decryption of passwords?
Do we need to mention the bundle configuration file(the file which needs to be
secure) name under the ‘/etc/org.apache.karaf.jaas.cfg’ file as per my previous
post?
Thanks & regards,
Sneha Patange
-----Original Message-----
From: Jean-Baptiste Onofré <j...@nanthrax.net<mailto:j...@nanthrax.net>>
Sent: Friday, July 21, 2023 6:16 PM
To: user@karaf.apache.org<mailto:user@karaf.apache.org>; Patange, Sneha
<sneha.pata...@knorr-bremse.com<mailto:sneha.pata...@knorr-bremse.com>>
Subject: Re: Query for way to use Karaf 4.4.3 Jaas with jasypt encryption
[You don't often get email from j...@nanthrax.net<mailto:j...@nanthrax.net>.
Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
Hi
Do you have the jasypt feature installed ?
Regards
JB
On Fri, Jul 21, 2023 at 10:35 AM Patange, Sneha via user
<user@karaf.apache.org<mailto:user@karaf.apache.org>> wrote:
>
> Hello Team,
>
> I am using Karaf 4.4.3 version for my application. My
> application is java(17) based which is using the karaf osgi environment for
> deployment and running. Recently there is a requirement for securing
> sensitive information of bundle configuration files which contains mainly
> password. From analysis, I came to know that we can use karaf jaas for
> encryption and decryption as well.
>
>
>
> To enable encryption via jaas using jasypt encryption I have done the
> following things,
>
>
>
> Added dependency of jaas jasypt to karaf pom.xml
>
>
>
> <dependency>
>
> <groupId>org.apache.karaf.jaas</groupId>
>
> <artifactId>org.apache.karaf.jaas.jasypt</artifactId>
>
> <version>4.4.3</version>
>
> <scope>test</scope>
>
> </dependency>
>
>
>
> Also changed the properties of /etc/org.apache.karaf.jaas.cfg file as
> follows,
>
>
>
> encryption.name=jasypt
>
> encryption.algorithm = SHA-256
>
> encryption.encoding = hexadecimal
>
> encryption.prefix = {CRYPT}
>
> encryption.suffix = {CRYPT}
>
> config.file = /opt/icom/conf/myconfig.cfg
>
>
>
> Changed the configuration file property for which the encryption is
> required such as,
>
>
>
> # /opt/icom/conf/myconfig.cfg
>
> password=ENC(SHA-256:password)
>
>
>
> I have built the karaf assembly with the added dependency and started the
> karaf.
>
>
>
> Got the below issue in karaf shell,
>
>
>
> Exception in thread "encryption-2-thread-1" Exception in thread
> "encryption-1-thread-1" java.lang.IllegalStateException: Encryption service
> jasypt not found. Please check that the encryption service is correctly set
> up.
>
> at
> org.apache.karaf.jaas.modules.encryption.EncryptionSupport.getEncrypti
> onInternal(EncryptionSupport.java:137)
>
> at
> org.apache.karaf.jaas.modules.encryption.EncryptionSupport.getEncrypti
> on(EncryptionSupport.java:123)
>
> at
> org.apache.karaf.jaas.modules.encryption.EncryptionSupport.encrypt(Enc
> ryptionSupport.java:74)
>
> at
> org.apache.karaf.jaas.modules.properties.AutoEncryptionSupport.encrypt
> edPassword(AutoEncryptionSupport.java:138)
>
> at
> org.apache.karaf.jaas.modules.properties.AutoEncryptionSupport.run(Aut
> oEncryptionSupport.java:90)
>
> at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
> Executor.java:1136)
>
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
> lExecutor.java:635)
>
> at java.base/java.lang.Thread.run(Thread.java:833)
>
> java.lang.IllegalStateException: Encryption service jasypt not found. Please
> check that the encryption service is correctly set up.
>
> at
> org.apache.karaf.jaas.modules.encryption.EncryptionSupport.getEncrypti
> onInternal(EncryptionSupport.java:137)
>
> at
> org.apache.karaf.jaas.modules.encryption.EncryptionSupport.getEncrypti
> on(EncryptionSupport.java:123)
>
> at
> org.apache.karaf.jaas.modules.encryption.EncryptionSupport.encrypt(Enc
> ryptionSupport.java:74)
>
> at
> org.apache.karaf.jaas.modules.properties.AutoEncryptionSupport.encrypt
> edPassword(AutoEncryptionSupport.java:138)
>
> at
> org.apache.karaf.jaas.modules.properties.AutoEncryptionSupport.run(Aut
> oEncryptionSupport.java:90)
>
> at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
> Executor.java:1136)
>
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
> lExecutor.java:635)
>
> at java.base/java.lang.Thread.run(Thread.java:833)
>
> Exception in thread "encryption-3-thread-1" java.lang.IllegalStateException:
> Encryption service jasypt not found. Please check that the encryption service
> is correctly set up.
>
> at
> org.apache.karaf.jaas.modules.encryption.EncryptionSupport.getEncrypti
> onInternal(EncryptionSupport.java:137)
>
> at
> org.apache.karaf.jaas.modules.encryption.EncryptionSupport.getEncrypti
> on(EncryptionSupport.java:123)
>
> at
> org.apache.karaf.jaas.modules.encryption.EncryptionSupport.encrypt(Enc
> ryptionSupport.java:74)
>
> at
> org.apache.karaf.jaas.modules.properties.AutoEncryptionSupport.encrypt
> edPassword(AutoEncryptionSupport.java:138)
>
> at
> org.apache.karaf.jaas.modules.properties.AutoEncryptionSupport.run(Aut
> oEncryptionSupport.java:90)
>
> at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
> Executor.java:1136)
>
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
> lExecutor.java:635)
>
> at java.base/java.lang.Thread.run(Thread.java:833)
>
>
>
> I have dug down more to resolve the issue. Come to know that I also need to
> define and register a StringEncryptor service. How can I register it without
> blueprint.xml configuration?
>
>
>
> am I missing something to do? Please let me know the exact way of doing it.
> Please help me to resolve the issue. I am waiting for your answer.
>
>
>
> Thanks & regards,
>
> Sneha Patange
>
>
>
>
>
> This transmission is intended solely for the addressee and contains
> confidential information.
> If you are not the intended recipient, please immediately inform the sender
> and delete the message and any attachments from your system.
> Furthermore, please do not copy the message or disclose the contents to
> anyone unless agreed otherwise. To the extent permitted by law we shall in no
> way be liable for any damages, whatever their nature, arising out of
> transmission failures, viruses, external influence, delays and the like.
This transmission is intended solely for the addressee and contains
confidential information.
If you are not the intended recipient, please immediately inform the sender and
delete the message and any attachments from your system.
Furthermore, please do not copy the message or disclose the contents to anyone
unless agreed otherwise. To the extent permitted by law we shall in no way be
liable for any damages, whatever their nature, arising out of transmission
failures, viruses, external influence, delays and the like.
