[JBoss JIRA] (WFCORE-3075) KeyStore password as default KeyManager password

Wednesday, 19 July 2017

     [
https://issues.jboss.org/browse/WFCORE-3075?page=com.atlassian.jira.plugi...
]

Jan Kalina updated WFCORE-3075:
-------------------------------
    Description: 
In Elytron, there is keystore password (key-store resource) and key password (key-managers
resource) required. 
However in theory there could be cases, where no password can be intended
- key-store resource for truststore purposes (reading truststore) (but in legacy is
password required)
- PKCS12 can be created without key password (but keystore password in legacy is
required)
- you can create JKS programatically without keystore password
- *in legacy key password is optional (which mean keystore password is used)*

...
From discussion: We can make the password optional on the KeyManager
so if no password is specified on the KeyManager we assume it is the one from the
KeyStore. 
Created analysis document for this:
https://developer.jboss.org/wiki/AnalysisDesign-KeyStorePasswordAsDefault...

  was:
In Elytron, there is keystore password (key-store resource) and key password (key-managers
resource) required. 
However in theory there could be cases, where no password can be intended
- key-store resource for truststore purposes (reading truststore) (but in legacy is
required)
- PKCS12 can be created without key password (but keystore password in legacy is
required)
- you can create JKS programatically without keystore password
- *in legacy key password is optional (which mean keystore password is used)*

...
From discussion: We can make the password optional on the KeyManager
so if no password is specified on the KeyManager we assume it is the one from the
KeyStore. 
Created analysis document for this:
https://developer.jboss.org/wiki/AnalysisDesign-KeyStorePasswordAsDefault...

...
 KeyStore password as default KeyManager password
 ------------------------------------------------

                 Key: WFCORE-3075
                 URL: https://issues.jboss.org/browse/WFCORE-3075
             Project: WildFly Core
          Issue Type: Bug
          Components: Security
            Reporter: Jan Kalina
            Priority: Critical
              Labels: keymanager, keystore, trustmanager

 In Elytron, there is keystore password (key-store resource) and key password
(key-managers resource) required. 
 However in theory there could be cases, where no password can be intended
 - key-store resource for truststore purposes (reading truststore) (but in legacy is
password required)
 - PKCS12 can be created without key password (but keystore password in legacy is
required)
 - you can create JKS programatically without keystore password
 - *in legacy key password is optional (which mean keystore password is used)*
 From discussion: We can make the password optional on the KeyManager so if no password is
specified on the KeyManager we assume it is the one from the KeyStore.
 Created analysis document for this:
https://developer.jboss.org/wiki/AnalysisDesign-KeyStorePasswordAsDefault...

--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006