ofbiz-user mailing list archives

From pratyush Giri <hacker.kids....@gmail.com>
Subject Re: Ofbiz Encryption Model and Key Rotation
Date Wed, 18 Mar 2020 18:12:29 GMT
Hi Jacques,

First, I thought I had posted it to the User ML, and if it reached
somewhere else, I apologize.

I have a few entities which I have created for a plugin and these entities
have columns in the entities where encrypt="true".

With this, I have tested that when I save some data to these fields, they
are encrypted (used a select in SQL to verify).  In my seed data, I have
also added a Keystore entry with a key and a key text. I do not do anything
fancy, just set the entity attributes and then save them.

This means that Ofbiz is using some keys to encrypt the columns. Then when
I went into my entity reference and checked the Key Store entries, along
with my key I see a bunch of other keys and key text. Please note that I
did a clean all followed by a loadProdData ( no demo data in my instance).

1. Where are these other keys coming from?
2. Which key was used to encrypt these columns?
3. For security reasons, I would like to rotate keys (say annually). How do
I do that? I see EntityDataServices has these following 2 services. Is that
what needs to be done?

<service name="reencryptPrivateKeys" engine="java" auth="true"
    <description>Re-encrypt the private keys, encrypted in EntityKeyStore with oldKey, using the newKey.</description>
    <attribute name="oldKey" type="String" mode="IN" optional="true"/>
    <attribute name="newKey" type="String" mode="IN" optional="true"/>

<service name="reencryptFields" engine="java" auth="true"
    <description>Re-encrypt all the encrypted fields in the data
    <attribute name="groupName" type="String" mode="IN" optional="true" default-value="org.apache.ofbiz"/>

Overall, it would be a good idea to understand these, and I am looking for
someone who has knowledge or understanding of these.

Any suggestions are greatly appreciated.


On Wed, Mar 18, 2020 at 12:30 AM Jacques Le Roux <
jacques.le.roux@les7arts.com> wrote:

> Hi Pratyush,
> Your message has been moderated.
> Please subscribe to the user ML for such questions and then use your email
> client.
> See why here http://ofbiz.apache.org/mailing-lists.html.
> You will get better support, people can answer you on the ML.
> The wider the audience the better the answers you might get.
> Also it's more work for moderators who have to accept your messages as
> long as you have not subscribed.
> I'll personally no longer accept them (other moderators still could).
> Thanks
> This said, in what context do you use encryption keys? Can you refer to a
> code section or something?
> Jacques
> On 18/03/2020 at 07:30, pratyush Giri wrote:
> > Hi All,
> >
> > I am looking to understand on my production system
> >
> > 1. How and where I can configure encryption keys.
> > 2. If I need to rotate the encryption keys, what is the process to do so?
> >
> >
> > Thank you in advance.
> >
> > Best,
> > Pratyush
