Posted to commits@syncope.apache.org by il...@apache.org on 2019/04/03 10:53:55 UTC

[syncope] branch master updated: Warning about short secretKey values for AES

This is an automated email from the ASF dual-hosted git repository.

ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
     new 77422d6  Warning about short secretKey values for AES
77422d6 is described below

commit 77422d6ccad443efb80ed51669f2f9d3fce55b98
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Wed Apr 3 12:53:11 2019 +0200

    Warning about short secretKey values for AES
---
 .../systemadministration/configurationparameters.adoc              | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/configurationparameters.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/configurationparameters.adoc
index b3639d5..1aa5579 100644
--- a/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/configurationparameters.adoc
+++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/configurationparameters.adoc
@@ -25,6 +25,13 @@ barely invoking the REST layer through http://curl.haxx.se/[curl^]:
 * `password.cipher.algorithm` - which cipher algorithm shall be used for encrypting password values; supported 
 algorithms include `SHA-1`, `SHA-256`, `SHA-512`, `AES`, `S-MD5`, `S-SHA-1`, `S-SHA-256`, `S-SHA-512` and `BCRYPT`;
 salting options are available in the `security.properties` file;
+[WARNING]
+The value of the `secretKey` property in the `security.properties` file is used for AES-based encryption / decription.
+Besides password values, this is also used whenever reversible encryption is needed, throughout the whole system. +
+When the `secretKey` value has length less than 16, it is right-padded by random characters during startup, to reach
+such mininum value. +
+It is *strongly* recommended to provide a value long at least 16 characters, in order to avoid unexpected behaviors
+at runtime, expecially with high-availability. 
 * `jwt.lifetime.minutes` - validity of https://en.wikipedia.org/wiki/JSON_Web_Token[JSON Web Token^] values used for
 <<rest-authentication-and-authorization,authentication>> (in minutes);
 * `notificationjob.cronExpression` -
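Review bot: in the added `[WARNING]` block, the consequence the warning guards against should be spelled out rather than left as "unexpected behaviors": since a `secretKey` shorter than 16 is right-padded with random characters at startup, every node (and every restart) ends up with a different effective AES key, so values encrypted on one node cannot be decrypted on another; that is the high-availability failure the last sentence only alludes to, and naming it makes the recommendation far more convincing. The same added lines carry typos to fix before merge: `decription` should read `decryption`, `mininum` should read `minimum`, `expecially` should read `especially`, and `a value long at least 16 characters` reads better as `a value at least 16 characters long`. As an AsciiDoc detail, the admonition is inserted directly between two `*` items with no `+` list continuation line before `[WARNING]`, so it may terminate the bullet list in the rendered guide; a `+` line before `[WARNING]` would keep it attached to the `password.cipher.algorithm` item.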