Posted to dev@geronimo.apache.org by "Jarek Gawor (JIRA)" <ji...@apache.org> on 2007/09/15 08:00:32 UTC

[jira] Commented: (GERONIMO-2925) Key used for encryption same for all server instances

    [ https://issues.apache.org/jira/browse/GERONIMO-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12527698 ] 

Jarek Gawor commented on GERONIMO-2925:
---------------------------------------

David,

I think EncryptionManager.encrypt() should be able to encrypt anything, even the output of itself. Right now, like you mentioned, it will try to decrypt the input if the input starts with the set prefix. Also, the current implementation will return null (or throw some exception) if the input starts with a "{", e.g. {foobar.
Also, EncryptionManager.decrypt() will return null either if the decryption fails or if there is no Encryption object installed for the prefix. Maybe something to document in javadoc.


> Key used for encryption same for all server instances
> -----------------------------------------------------
>
>                 Key: GERONIMO-2925
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-2925
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 1.1.1, 1.1.2, 1.1.x, 1.2, 2.0-M5
>            Reporter: Michael Malgeri
>            Assignee: David Jencks
>            Priority: Critical
>         Attachments: GERONIMO-2925.patch
>
>
> We understand that WASCE uses AES to encrypt the password. You do
> javax.crypto.Cipher.getInstance("AES") and init() with a hard-coded key.
> This key is the same for all the WASCE server instances. Anyone getting access to a downloaded version of the software can have the algorithm and decrypt the password. So we need your urgent help on the following:
> 1. provide a solution with key management that we can control
> 2. provide a pluggable encryption solution so that we can use our internal algorithms and key management
> At least,
> 3. the key should be dynamically generated in each of the installations that would reduce the ability to decrypt to someone who has access to the server.

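An added example, not Geronimo's code and not part of the JIRA thread: a Java sketch of the two points raised above, a key generated per installation instead of hard-coded, and an encrypt() that always encrypts its input (its own output or a string such as {foobar included) while decrypt() reports a missing handler and a failed decryption as different exceptions rather than null. The class name PrefixedCrypto, the {AES} prefix and the choice of AES-GCM are assumptions made for the illustration; the key is held in memory here, where a real installation would persist it with restricted file permissions.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Hypothetical sketch: class, method and prefix names are assumptions, not Geronimo's API.
public class PrefixedCrypto {
    private static final String PREFIX = "{AES}";
    private final SecretKey key;                     // one key per installation
    private final SecureRandom rng = new SecureRandom();
    public PrefixedCrypto() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        key = kg.generateKey();                      // generated locally, never shipped in the binary
    }
    // Always encrypts: the input is opaque plaintext, whatever characters it starts with.
    public String encrypt(String plain) throws GeneralSecurityException {
        byte[] iv = new byte[12];
        rng.nextBytes(iv);                           // fresh IV for every call
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return PREFIX + Base64.getEncoder().encodeToString(out);
    }

    // No handler -> UnsupportedOperationException; wrong key or tampered data -> GeneralSecurityException.
    public String decrypt(String stored) throws GeneralSecurityException {
        if (!stored.startsWith(PREFIX))
            throw new UnsupportedOperationException("no handler installed for this prefix");
        byte[] in = Base64.getDecoder().decode(stored.substring(PREFIX.length()));
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        PrefixedCrypto pc = new PrefixedCrypto();
        for (String s : new String[] {"secret", "{foobar", pc.encrypt("secret")}) // constructed inputs
            System.out.println(s.equals(pc.decrypt(pc.encrypt(s))));              // true for each
        try { new PrefixedCrypto().decrypt(pc.encrypt("x")); }                    // second "installation"
        catch (GeneralSecurityException e) { System.out.println("other installation's key rejected"); }
    }
}
```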