Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 19678 invoked from network); 16 Sep 2007 21:56:56 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 16 Sep 2007 21:56:56 -0000 Received: (qmail 37745 invoked by uid 500); 16 Sep 2007 21:56:47 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 37696 invoked by uid 500); 16 Sep 2007 21:56:47 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 37685 invoked by uid 99); 16 Sep 2007 21:56:47 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 16 Sep 2007 14:56:47 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 16 Sep 2007 21:58:43 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 490877141FE for ; Sun, 16 Sep 2007 14:56:32 -0700 (PDT) Message-ID: <30919833.1189979792296.JavaMail.jira@brutus> Date: Sun, 16 Sep 2007 14:56:32 -0700 (PDT) From: "David Jencks (JIRA)" To: dev@geronimo.apache.org Subject: [jira] Commented: (GERONIMO-2925) Key used for encryption same for all server instances In-Reply-To: <4020819.1172873630908.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/GERONIMO-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12527905 ] David Jencks commented on GERONIMO-2925: ---------------------------------------- Re Jarek's comments: - looking for initial '{' is only to decide whether to try to decode first. If it isn't followed by a registered encryption name the decryption will return the original string. So you can encrypt anything that doesn't start with a registered encription name. - trying to decrypt something that doesn't start with a registered encryption name will return the original input. - currently the response to exceptions is to return null.... I don't think this is very appropriate but I'm not sure what is better. Suggestions? - I think the proposed behavior of making EncryptionManager.encrypt and decrypt idempotent is a good idea as it significantly simplifies all the callers. Some documentation of what is intended would definitely be a good idea. I'll add it if and before I commit. > Key used for encryption same for all server instances > ----------------------------------------------------- > > Key: GERONIMO-2925 > URL: https://issues.apache.org/jira/browse/GERONIMO-2925 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: security > Affects Versions: 1.1.1, 1.1.2, 1.1.x, 1.2, 2.0-M5 > Reporter: Michael Malgeri > Assignee: David Jencks > Priority: Critical > Attachments: GERONIMO-2925.patch > > > We understand that WASCE use AES to encrypt the password. You do > javax.crypto.Cipher.getInstance("AES") and init() with a hard-coded key. > This key is same for all the WASCE server instances. Anyone getting access to a downloaded version of the software can have the algorithm and decrypt the password. So we need your urgent help on the following: > 1. provide a solution with key management that we can control > 2. provide a pluggable encryption solution so that we can use our internal algorithms and key management > At least, > 3. the key should be dynamically generated in each of the installations that would reduce the ability to decrypt to someone who has access to the server. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.