geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <>
Subject [jira] Updated: (GERONIMO-2925) Key used for encryption same for all server instances
Date Sat, 15 Sep 2007 03:45:32 GMT


David Jencks updated GERONIMO-2925:

    Attachment: GERONIMO-2925.patch

I've implemented a pluggable encryption system for passwords in the attached patch.

By default you get the old behavior with "{Simple}" encryption with a hard-coded key.  I think
this is normally the best tradeoff although I like no encryption and security your machines
even better.

If you want to have a fixed key generated by geronimo you can add this gbean to the rmi-naming
module in config.xml:

<gbean name="org.apache.geronimo.configs/rmi-naming/2.1-SNAPSHOT/car?name=ConfiguredEncryption,j2eeType=GBean"
<attribute name="path">var/security/ConfiguredSecretKey.ser</attribute>
<reference name="ServerInfo"><pattern><name>ServerInfo</name></pattern></reference>

This will create a key the first time its started, after that it will keep using the saved
key at the location specified.  If you put a serialized SecretKeySpec there it will use it

Of course using something like this leaves your system open to the key file changing or disappearing
and losing all the saved password info.

I'd like some review of this before I commit it: it seems to work.

> Key used for encryption same for all server instances
> -----------------------------------------------------
>                 Key: GERONIMO-2925
>                 URL:
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 1.1.1, 1.1.2, 1.1.x, 1.2, 2.0-M5
>            Reporter: Michael Malgeri
>            Assignee: David Jencks
>            Priority: Critical
>         Attachments: GERONIMO-2925.patch
> We understand that WASCE use AES to encrypt the password.  You do 
> javax.crypto.Cipher.getInstance("AES") and init() with a hard-coded key.
> This key is same for all the WASCE server instances.  Anyone getting access to a downloaded
version of the software can have the algorithm and decrypt the password.  So we need your
urgent help on the following:
> 1. provide a solution with key management that we can control
> 2. provide a pluggable encryption solution so that we can use our internal algorithms
and key management
> At least,
> 3. the key should be dynamically generated in each of the installations that would reduce
the ability to decrypt to someone who has access to the server.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message