[
https://jira.jboss.org/jira/browse/JBESB-2121?page=com.atlassian.jira.plu...
]
Daniel Bevenius commented on JBESB-2121:
----------------------------------------
> The util also relies on having a keystore configured but it would be
> sufficient to have the key(s) automatically generated on startup and use this to encrypt
> the session information.
If we generate keys upon startup the keys will only be
known to that ESB node. If the message switches to a different node then using that
solution will not work. That is why we are currently using a keystore so that users can
configure a key pair that can be installed on all nodes and they will be able to decrypt a
security context encrypted by other nodes. Is this not what we want?
Replace crypto util with sealed object
--------------------------------------
Key: JBESB-2121
URL: https://jira.jboss.org/jira/browse/JBESB-2121
Project: JBoss ESB
Issue Type: Task
Security Level: Public(Everyone can see)
Components: Security
Affects Versions: 4.4 CP1
Reporter: Kevin Conner
Assignee: Daniel Bevenius
Fix For: 4.4 CP1
The crypto util classes are used to encrypt the SecurityContext but we should be able to
use a SealedObject.
The util also relies on having a keystore configured but it would be sufficient to have
the key(s) automatically generated on startup and use this to encrypt the session
information.
Another issue with the class is that the encrypt/decrypt methods repeatedly encrypt the
serialised data in chunks but the encrypt/decrypt sizes are very dependent on the block
cipher in use (currently RSA). If the configuration specifies a different cipher then
this is likely to fail. If we can move to a SealedObject then this should no longer be an
issue.
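The following is an added example, not JBoss ESB code, showing the two points raised in this issue and in the comment above: SealedObject serialises and encrypts the whole context in one cipher operation (so no manual chunking tied to the RSA block size), and a key generated at startup can only be used by the node that generated it, whereas a key loaded from a keystore installed on every node can be shared. The class names ExampleSecurityContext and SealedContextExample, the keystore path and alias, and the choice of AES/GCM (Java 8+ JCE) are assumptions made for the example.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Constructed stand-in for the ESB SecurityContext; the real class is not used here.
final class ExampleSecurityContext implements Serializable {
    private static final long serialVersionUID = 1L;
    final String principal;
    final long expiresAtMillis;

    ExampleSecurityContext(String principal, long expiresAtMillis) {
        this.principal = principal;
        this.expiresAtMillis = expiresAtMillis;
    }
}

public final class SealedContextExample {
    // Authenticated encryption: a context that was altered in transit fails to unseal
    // instead of deserialising garbage. Assumes a JCE provider with AES/GCM (Java 8+).
    private static final String TRANSFORMATION = "AES/GCM/NoPadding";
    private static final int GCM_TAG_BITS = 128;
    private static final int GCM_IV_BYTES = 12;

    /** Seals the whole serialised context in one cipher operation; no chunking needed. */
    static SealedObject seal(ExampleSecurityContext ctx, SecretKey key)
            throws GeneralSecurityException, IOException {
        byte[] iv = new byte[GCM_IV_BYTES];
        new SecureRandom().nextBytes(iv); // fresh nonce for every sealed object
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        // SealedObject serialises ctx and encrypts the full byte stream itself; the IV
        // travels inside the SealedObject as encoded AlgorithmParameters.
        return new SealedObject(ctx, cipher);
    }

    /** Recovers the context; fails if the key is wrong or the ciphertext was altered. */
    static ExampleSecurityContext unseal(SealedObject sealed, SecretKey key)
            throws GeneralSecurityException, IOException, ClassNotFoundException {
        return (ExampleSecurityContext) sealed.getObject(key);
    }

    /** Startup-generated key: only this JVM can unseal what it sealed. */
    static SecretKey generateNodeLocalKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        return kg.generateKey();
    }

    /** Shared key: a SecretKeyEntry installed under the same alias on every node. */
    static SecretKey loadSharedKey(String path, char[] storePass, String alias, char[] keyPass)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("JCEKS"); // plain JKS cannot hold a SecretKeyEntry
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);
        }
        KeyStore.Entry entry = ks.getEntry(alias, new KeyStore.PasswordProtection(keyPass));
        if (!(entry instanceof KeyStore.SecretKeyEntry)) {
            throw new GeneralSecurityException("no secret key under alias " + alias);
        }
        return ((KeyStore.SecretKeyEntry) entry).getSecretKey();
    }

    public static void main(String[] args) throws Exception {
        ExampleSecurityContext ctx =
                new ExampleSecurityContext("alice", System.currentTimeMillis() + 60_000L);

        SecretKey nodeA = generateNodeLocalKey();
        SealedObject sealed = seal(ctx, nodeA);
        System.out.println("node A unseals: " + unseal(sealed, nodeA).principal);

        // A second node that generated its own key at startup cannot read the context.
        SecretKey nodeB = generateNodeLocalKey();
        try {
            unseal(sealed, nodeB);
            System.out.println("unexpected: node B unsealed the context");
        } catch (Exception e) {
            System.out.println("node B cannot unseal: " + e.getClass().getSimpleName());
        }

        // With a keystore deployed on every node, swap the generated key for
        // loadSharedKey("/path/to/esb.jceks", storePass, "esb-context", keyPass).
    }
}
```

Because SealedObject decrypts through a CipherInputStream while deserialising, a wrong key or a failed GCM tag check surfaces as an IOException from getObject rather than as a bare BadPaddingException, so the caller should treat any exception from unseal as "no valid security context" instead of matching one exception type.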
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira