Or maybe you should create a new abstraction for key discovery? I did
this for resteasy for the key-based features I have so that the user has
different options for storing keys. i.e. from cert.pem or cert.der
files, or .pem text embedded in LDAP entries, DNS entries, etc.
On 8/21/2012 12:44 PM, Anil Saldhana wrote:
Hi all,
You are familiar with the file based standard Java keystore. KeyTool
is a command line utility to deal with the standard keystore.
The challenges with a file based keystore are plenty:
a) Each node in a cluster needs to have a local copy. NFS based keystore
does solve this problem.
b) Updates to keystore need to be done with each copy in a cluster.
I put in a DB backed keystore that is standalone with dependence on
BouncyCastle jars alone.
https://docs.jboss.org/author/display/SECURITY/Java+Keystores
There are multiple TBD items listed on the page.
There is a master salt. It is used to MD5 hash+salt the keystore
password (master password) and also individual key passwords.
Feedback welcome.
Regards,
Anil
_______________________________________________
security-dev mailing list
security-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
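An added example, not code from the post or from the JBoss project: the salted MD5 scheme Anil describes beside a slow, per-entry-salted PBKDF2 variant, with a small in-memory sqlite table standing in for the DB side of the keystore. The table layout, the iteration count and the `PasswordTable` class are assumptions of this example.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumed parameter for this example (not from the post): PBKDF2 work factor.
PBKDF2_ITERATIONS = 200_000


def salted_md5(master_salt: bytes, password: str) -> bytes:
    """The scheme described in the post: MD5 over a single master salt + password.
    Kept as a reference point only: MD5 is fast and the salt is shared, so equal
    passwords yield equal hashes and offline guessing is cheap if the table leaks."""
    return hashlib.md5(master_salt + password.encode("utf-8")).digest()


def pbkdf2(salt: bytes, password: str) -> bytes:
    """Hardened alternative: an iterated KDF with a salt unique to each entry."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class PasswordTable:
    """Stand-in for the DB-backed store: one row per password, i.e. the master
    password plus one row per key alias (constructed layout, not the project's)."""

    def __init__(self) -> None:
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE pw (alias TEXT PRIMARY KEY, salt BLOB, hash BLOB)")

    def store(self, alias: str, password: str) -> None:
        salt = os.urandom(16)  # per-entry salt instead of one shared master salt
        self.db.execute("INSERT OR REPLACE INTO pw VALUES (?, ?, ?)",
                        (alias, salt, pbkdf2(salt, password)))
        self.db.commit()

    def verify(self, alias: str, password: str) -> bool:
        row = self.db.execute("SELECT salt, hash FROM pw WHERE alias = ?", (alias,)).fetchone()
        if row is None:
            return False
        salt, stored = row
        # Constant-time comparison so verification time does not leak hash bytes.
        return hmac.compare_digest(stored, pbkdf2(salt, password))
```

Because every cluster node verifies against the same rows, rotating a password is one UPDATE rather than a copy to each node's local file.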