Return-Path: X-Original-To: apmail-karaf-user-archive@minotaur.apache.org Delivered-To: apmail-karaf-user-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0297BBCFC for ; Wed, 4 Jan 2012 22:43:12 +0000 (UTC) Received: (qmail 47544 invoked by uid 500); 4 Jan 2012 22:43:11 -0000 Delivered-To: apmail-karaf-user-archive@karaf.apache.org Received: (qmail 47519 invoked by uid 500); 4 Jan 2012 22:43:11 -0000 Mailing-List: contact user-help@karaf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@karaf.apache.org Delivered-To: mailing list user@karaf.apache.org Received: (qmail 47511 invoked by uid 99); 4 Jan 2012 22:43:11 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Jan 2012 22:43:11 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of bengt.rodehav@gmail.com designates 209.85.214.176 as permitted sender) Received: from [209.85.214.176] (HELO mail-tul01m020-f176.google.com) (209.85.214.176) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Jan 2012 22:43:05 +0000 Received: by obcwn14 with SMTP id wn14so20739974obc.21 for ; Wed, 04 Jan 2012 14:42:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=6IKEEQatOU+QBc1/sHiVNFhPqAPgIi6cz26t6DKNm7k=; b=i93ikkuUfg3rYwNVfQ+sokgFRlJbemJsvNStvjrLv4iseO1IbPPD2QOWGKi7xqVp/G TaBwBJhbcbcfOomtlQxYQYWjKdVVmE2x1qoJLNxK25IaNgeeQJhwJ8t1M7bSSRxtJ+wt g4xHNdvIExXv8a0BGswPj+T7NmIqWRt1C0cy4= MIME-Version: 1.0 Received: by 10.182.15.105 with SMTP id w9mr16051945obc.18.1325716963828; Wed, 04 Jan 2012 14:42:43 -0800 (PST) Sender: bengt.rodehav@gmail.com Received: by 10.182.231.70 with HTTP; Wed, 4 Jan 2012 14:42:43 -0800 (PST) In-Reply-To: <7BED83CE-112D-46A3-836F-74D7983BFDA1@code-house.org> References: <7BED83CE-112D-46A3-836F-74D7983BFDA1@code-house.org> Date: Wed, 4 Jan 2012 23:42:43 +0100 X-Google-Sender-Auth: i4TFksw__oEL7MdGyKwZIAmL84s Message-ID: Subject: Re: Encryption of passwords From: Bengt Rodehav To: user@karaf.apache.org Content-Type: multipart/alternative; boundary=f46d0447f2d8b3a43704b5bb88f1 X-Virus-Checked: Checked by ClamAV on apache.org --f46d0447f2d8b3a43704b5bb88f1 Content-Type: text/plain; charset=ISO-8859-2 Content-Transfer-Encoding: quoted-printable Thanks for you suggestion Lukasz but I already read that part. Looking at it again, it seems like encryption is only supported in JAAS configurations. I was hoping that it could be used in any configuration file managed by config admin (or rather fileinstall). E g we configure a lot of camel routes using e g ftp. In that case we need to configure the route with the correct user and password. We currently do that using config admin. I was hoping that Karaf's encryption support could make the passwords in those configuration files encrypted. They would of course have to be decrypted before the config admin feeds a service with the configuration. Did I completely misunderstand the encryption service? /Bengt 2012/1/4 =A3ukasz Dywicki > Please reffer the documentation: > > > http://karaf.apache.org/manual/latest-2.2.x/developers-guide/security-fra= mework.html#Encryptionservice > > For stronger security use a Jaspyt. > > =A3ukasz Dywicki > -- > Code-House > http://code-house.org > > Wiadomo=B6=E6 napisana przez Bengt Rodehav w dniu 2012-01-04, o godz. 21:= 22: > > I've seen that Karaf provides an encryption service but I haven't figured > out how to use it. > > In our case we sometimes have to store passwords in configuration files. > Can the encryption service be used to encrypt them and then decrypt them > when configuration admin passes a configuration to a service? If so, how = do > I accomplish this? > > /Bengt > > > > > > --f46d0447f2d8b3a43704b5bb88f1 Content-Type: text/html; charset=ISO-8859-2 Content-Transfer-Encoding: quoted-printable Thanks for you suggestion Lukasz but I already read that part.

Looking at it again, it seems like encryption is only supported in J= AAS configurations. I was hoping that it could be used in any configuration= file managed by config admin (or rather fileinstall). E g we configure a l= ot of camel routes using e g ftp. In that case we need to configure the rou= te with the correct user and password. We currently do that using config ad= min. I was hoping that Karaf's encryption support could make the passwo= rds in those configuration files encrypted. They would of course have to be= decrypted before the config admin feeds a service with the configuration.<= /div>

Did I completely misunderstand the encryption service?<= /div>

/Bengt

2012/1/4 = =A3ukasz Dywicki <luke@code-house.org>
Ple= ase reffer the documentation:


For stronger security use a Jaspyt.

=A3ukasz Dywicki
=
--
Code-House

Wiadomo=B6=E6 napisana przez Bengt= Rodehav w dniu 2012-01-04, o godz. 21:22:

I've seen= that Karaf provides an encryption service but I haven't figured out ho= w to use it.

In our case we sometimes have to store pass= words in configuration files. Can the encryption service be used to encrypt= them and then decrypt them when configuration admin passes a configuration= to a service? If so, how do I accomplish this?

/Bengt





--f46d0447f2d8b3a43704b5bb88f1--