[security-dev] Database driven Java Keystore
Anil Saldhana
Anil.Saldhana at redhat.com
Tue Aug 21 12:44:59 EDT 2012
Hi all,

You are familiar with the file based standard Java keystore. KeyTool
is a command line utility to deal with the standard keystore.

The challenges with a file based keystore are plenty:
a) Each node in a cluster needs to have a local copy. NFS based keystore
does solve this problem.
b) Updates to the keystore need to be done with each copy in a cluster.

I put in a DB backed keystore that is standalone with dependence on
Bouncycastle jars alone.
https://docs.jboss.org/author/display/SECURITY/Java+Keystores

There are multiple TBD items listed on the page.

There is a master salt. It is used to MD5 hash+salt the keystore
password (master password) and also individual key passwords.

Feedback welcome.

Regards,
Anil
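
The following is an added example, not part of the original message and not the project's code. It shows what a single master salt implies for the stored rows (a key password equal to the keystore password yields an identical MD5 value) next to a per-row salt with PBKDF2 from the standard JCE. The class name, the `MD5(masterSalt || password)` layout, the sample passwords and the iteration count are assumptions; it needs Java 8 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class StoredPasswordDemo {
    // Assumed layout MD5(masterSalt || password); the post does not give the exact construction.
    static byte[] md5WithMasterSalt(byte[] masterSalt, char[] password) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        md.update(masterSalt);
        md.update(new String(password).getBytes(StandardCharsets.UTF_8));
        return md.digest();
    }

    // Comparison scheme: PBKDF2-HMAC-SHA256 with a salt stored per row.
    static byte[] pbkdf2(byte[] rowSalt, char[] password, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, rowSalt, iterations, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    static byte[] newSalt(SecureRandom rng) {
        byte[] salt = new byte[16];
        rng.nextBytes(salt);
        return salt;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        int iterations = 600_000;                    // illustrative work factor, tune per host
        char[] storePw = "changeit".toCharArray();   // constructed sample passwords:
        char[] keyPw = "changeit".toCharArray();     // a key password that reuses the store's

        byte[] masterSalt = newSalt(rng);
        System.out.println("MD5 + master salt, rows equal: " + MessageDigest.isEqual(
                md5WithMasterSalt(masterSalt, storePw), md5WithMasterSalt(masterSalt, keyPw)));

        byte[] storeSalt = newSalt(rng), keySalt = newSalt(rng);
        byte[] storeRow = pbkdf2(storeSalt, storePw, iterations);
        System.out.println("PBKDF2 + row salts, rows equal: "
                + MessageDigest.isEqual(storeRow, pbkdf2(keySalt, keyPw, iterations)));
        // Verification re-derives with the stored row salt; isEqual compares in constant time.
        System.out.println("PBKDF2 verifies correct password: "
                + MessageDigest.isEqual(storeRow, pbkdf2(storeSalt, "changeit".toCharArray(), iterations)));
    }
}
```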