[esb-issues] [JBoss JIRA] Commented: (JBESB-2121) Replace crypto util with sealed object

Kevin Conner (JIRA) jira-events at lists.jboss.org
Thu Oct 16 04:45:20 EDT 2008


    [ https://jira.jboss.org/jira/browse/JBESB-2121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12434042#action_12434042 ] 

Kevin Conner commented on JBESB-2121:
-------------------------------------

Sorry, clarifying my last.

The secured object should be private to the issuing instance and should not be decrypted by other instances.

> Replace crypto util with sealed object
> --------------------------------------
>
>                 Key: JBESB-2121
>                 URL: https://jira.jboss.org/jira/browse/JBESB-2121
>             Project: JBoss ESB
>          Issue Type: Task
>      Security Level: Public(Everyone can see) 
>          Components: Security
>    Affects Versions: 4.4 CP1
>            Reporter: Kevin Conner
>            Assignee: Daniel Bevenius
>             Fix For: 4.4 CP1
>
>
> The crypto util classes are used to encrypt the SecurityContext but we should be able to use a SealedObject.
> The util also relies on having a keystore configured but it would be sufficient to have the key(s) automatically generated on startup and use this to encrypt the session information.
> Another issue with the class is that the encrypt/decrypt methods repeatedly encrypt the serialised data in chunks but the encrypt/decrypt sizes are very dependent on the block cipher in use (currently RSA).  If the configuration specifies a different cipher then this is likely to fail.  If we can move to a SealedObject then this should no longer be an issue.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
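
The approach described in the issue (a key generated at startup, a SealedObject in place of chunked RSA encryption, and a sealed object that only the issuing instance can open), as an added example that is not part of the original message or of the JBoss ESB code base. The class names, the AES/GCM cipher choice and the sample payload are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.util.Collections;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;

public class InstanceSealerDemo {

    /** Hypothetical holder: one key per running instance, generated at startup and never persisted. */
    static final class InstanceSealer {
        private final SecretKey key;

        InstanceSealer() throws GeneralSecurityException {
            KeyGenerator generator = KeyGenerator.getInstance("AES");
            generator.init(128);
            key = generator.generateKey(); // no keystore configuration needed
        }

        SealedObject seal(Serializable value) throws GeneralSecurityException, IOException {
            // Assumed cipher; the provider picks a fresh IV on init and SealedObject stores it.
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return new SealedObject(value, cipher); // serialises and encrypts in one step, no manual chunking
        }

        Object unseal(SealedObject sealed)
                throws GeneralSecurityException, IOException, ClassNotFoundException {
            return sealed.getObject(key);
        }
    }

    public static void main(String[] args) throws Exception {
        InstanceSealer issuer = new InstanceSealer();
        InstanceSealer other = new InstanceSealer(); // stands in for a second ESB instance

        // Constructed sample payload, deliberately larger than a single RSA block.
        String context = "principal=alice;roles=" + String.join(",", Collections.nCopies(200, "admin"));

        SealedObject sealed = issuer.seal(context);
        System.out.println("issuer round trip ok: " + context.equals(issuer.unseal(sealed)));

        try {
            other.unseal(sealed);
            System.out.println("unexpected: other instance unsealed the object");
        } catch (GeneralSecurityException e) {
            System.out.println("other instance rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Because the key exists only in the memory of the instance that generated it, a restart invalidates every previously sealed object, which is consistent with the requirement in the comment that other instances must not be able to decrypt it.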

        


