Posted to user@karaf.apache.org by ashonline <as...@mac.com> on 2017/05/19 13:02:47 UTC

Encrypted keystore password

Hi,

I'm in the process of configuring karaf to use SSL communication and have
therefore provided the password to the keystore in the org.ops4j.pax.web.cfg
file:

org.ops4j.pax.web.ssl.keypassword=mypwd

I can't however find anything in the documentation that tells me how to
encrypt the password, for example by surrounding the password digest with
{CRYPT} markers.

Please advise whether or not this encryption capability exists or, if not,
what we can do as a workaround? It won't be acceptable for our clients to
have to type in their password in plain text for their keystore that they
will provide to our karaf based framework.



--
View this message in context: http://karaf.922171.n3.nabble.com/Encrypted-keystore-password-tp4050396.html
Sent from the Karaf - User mailing list archive at Nabble.com.

Re: Encrypted keystore password

Posted by ashonline <as...@mac.com>.
Hi Freeman,

Thanks for your response, this is excellent news. We are currently using
ServiceMix 7.0.0, which is configured with Karaf 4.0.8, so for now we won't
be able to use the solution. However I think it will be acceptable for us to
wait for a future release of ServiceMix with the encryption capabilities.

Thanks once again.

- Ash




Re: Encrypted keystore password

Posted by Freeman Fang <fr...@gmail.com>.
Hi,

Yes, provided you are using Karaf 4.1.x, which in turn uses pax.web 6.0.x.

Basically we use jasypt to encrypt the sensitive string, and hence introduced several more properties for the pax web pid, such as enc.masterpassword, enc.algorithm, enc.enabled, enc.prefix and enc.suffix. Moreover, you can configure the master password for the jasypt encryptor with an environment variable or a system property; the other configuration options for the decryptor all have default values.

Please take a look at PAXWEB-1021[1] to get more details.

[1] https://ops4j1.jira.com/browse/PAXWEB-1021

Cheers
-------------
Freeman(Yue) Fang

Red Hat, Inc. 
FuseSource is now part of Red Hat



> On May 19, 2017, at 9:02 PM, ashonline <as...@mac.com> wrote:
> 
> Hi,
> 
> I'm in the process of configuring karaf to use SSL communication and have
> therefore provided the password to the keystore in the org.ops4j.pax.web.cfg
> file:
> 
> org.ops4j.pax.web.ssl.keypassword=mypwd
> 
> I can't however find anything in the documentation that tells me how to
> encrypt the password, for example by surrounding the password digest with
> {CRYPT} markers.
> 
> Please advise whether or not this encryption capability exists or, if not,
> what we can do as a workaround? It won't be acceptable for our clients to
> have to type in their password in plain text for their keystore that they
> will provide to our karaf based framework.
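
An audit check for the configuration discussed in this thread, added here as an example; it is not part of the original messages or of the Pax Web project's code. It assumes the enc.* properties Freeman lists carry the same org.ops4j.pax.web. prefix as the keypassword property, and that the default markers are ENC( and ); both are assumptions, and the sample values are constructed.

```python
# Added example: audit a Pax Web cfg for plaintext SSL passwords.
# Assumptions (not stated in the thread): the enc.* properties carry the
# "org.ops4j.pax.web." PID prefix, and the default markers are "ENC(" and ")".
PID = "org.ops4j.pax.web."

def parse_cfg(text):
    """Parse simple key=value lines, skipping blanks and '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a sorted list of (key, finding) tuples for risky settings."""
    props = parse_cfg(text)
    enabled = props.get(PID + "enc.enabled", "false").lower() == "true"
    prefix = props.get(PID + "enc.prefix", "ENC(")
    suffix = props.get(PID + "enc.suffix", ")")
    findings = []
    for key, value in props.items():
        if not (key.startswith(PID + "ssl.") and key.lower().endswith("password")):
            continue
        wrapped = (value.startswith(prefix) and value.endswith(suffix)
                   and len(value) > len(prefix) + len(suffix))
        if not wrapped:
            findings.append((key, "plaintext password"))
        elif not enabled:
            findings.append((key, "wrapped value but enc.enabled is not true"))
    # A master password stored beside the ciphertext protects nothing:
    # anyone who can read the file can decrypt the value.
    if props.get(PID + "enc.masterpassword"):
        findings.append((PID + "enc.masterpassword",
                         "master password stored in the same file"))
    return sorted(findings)

# Constructed sample inputs (values are placeholders, not real ciphertext).
WEAK = "org.ops4j.pax.web.ssl.keypassword=mypwd\n"
HARDENED = """\
org.ops4j.pax.web.enc.enabled=true
org.ops4j.pax.web.ssl.keypassword=ENC(PLACEHOLDER_CIPHERTEXT)
"""
INLINE_MASTER = HARDENED + "org.ops4j.pax.web.enc.masterpassword=changeit\n"

if __name__ == "__main__":
    for name, cfg in [("weak", WEAK), ("hardened", HARDENED), ("inline", INLINE_MASTER)]:
        print(name, audit(cfg))
```

The third sample shows why supplying the master password through an environment variable or system property matters: with it in the cfg file, the encrypted value is readable by anyone who can read that file.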