Re: [security-dev] Database driven Java Keystore

Bill, do you have the links to what you have done? I like your idea. http://docs.oracle.com/javase/6/docs/api/java/security/KeyStore.html This is the Keystore api. It is a decent API if the keys have been stored into a keystore. The keystore can be the file based, a store based (DB/LDAP etc) or hardware based. But if the keys do not exist in a keystore that is loaded by the Keystore API, then you will need an higher level api, to have the flexibility. Regards, Anil On 08/21/2012 06:25 PM, Bill Burke wrote: > Or maybe you should create a new abstraction for key discovery? I did > this for resteasy for the key-based features I have so that the user has > different options for storing keys. i.e. from cert.pem or cert.der > files, or .pem text embedded in LDAP entries, DNS entries, etc. > > On 8/21/2012 12:44 PM, Anil Saldhana wrote: >> Hi all, >> you are familiar with the file based standard Java keystore. KeyTool >> is a command line utility to deal with the standard keystore. >> >> The challenges with a file based keystore are plenty: >> a) Each node in a cluster needs to have a local copy. NFS based keystore >> does solve this problem. >> b) Updates to keystore need to be done with each copy in a cluster. >> >> I put in a DB backed keystore that is standalone with dependence on >> Bouncycastle jars alone. >> https://docs.jboss.org/author/display/SECURITY/Java+Keystores >> >> There are multiple TBD items listed on the page. >> >> There is a master salt. It is used to MD5 hash+salt the keystore >> password (master password) and also individual key passwords. >> >> Feedback welcome. >> >> Regards, >> Anil _______________________________________________ security-dev mailing list security-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/security-dev