You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@fineract.apache.org by "Aleksandar Vidakovic (Jira)" <ji...@apache.org> on 2021/02/28 19:14:00 UTC
[jira] [Commented] (FINERACT-1034) RSA Encryption
[ https://issues.apache.org/jira/browse/FINERACT-1034?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17292483#comment-17292483 ]
Aleksandar Vidakovic commented on FINERACT-1034:
------------------------------------------------
[~fynmanoj] is this still being worked on? From what I understood in the description: I think this is covered by the fact that we always send data over HTTPS. Encrypting pieces of information inside of an encrypted channel (HTTPS) doesn't give yield "more security", because it's "twice encrypted". In the end what you are describing is a bit like OAuth access tokens (concerning the timeouts). Speaking from own experience in implementing such a feature: you'll see that once in production you'll probably need to relax the timeouts considerably, because the parties (clients) involved have out of tune system clocks. I used this approach with a REST API where the authentication was done with anĀ API key that was encrypted with validity timeout. In the end I had to relax the timeouts in the range of minutes, because the integration partner was unable to tune his clocks.
I'd suggest to close this issue if there's no further activity here.
> RSA Encryption
> --------------
>
> Key: FINERACT-1034
> URL: https://issues.apache.org/jira/browse/FINERACT-1034
> Project: Apache Fineract
> Issue Type: Improvement
> Reporter: Manoj
> Assignee: Manoj
> Priority: Minor
> Fix For: 1.5.0
>
>
> Add RSA key generation API and decryption infra for requests that require encryption from source such as biometric, authentication etc.. Also create a self expiring keystore
--
This message was sent by Atlassian Jira
(v8.3.4#803005)