[jboss-jira] [JBoss JIRA] (WFLY-4238) Vault script not showing shared key
Peter Skopek (JIRA)
issues at jboss.org
Mon Jan 12 05:23:49 EST 2015
[ https://issues.jboss.org/browse/WFLY-4238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13031690#comment-13031690 ]
Peter Skopek commented on WFLY-4238:
------------------------------------
[~abhinav.gupta01] PicketBox changed some time ago to using a symmetric cipher (AES) to encrypt passwords in PicketBoxVault. Therefore there is no need to use a shared key anymore. Just to keep the format of the "vault string" we put ::1 in the place where the shared key used to be. We need it to support automatic vault conversion as well.
The third parameter is ignored by the new vault implementation.
I will check the referenced article and fix it to make it clear.
> Vault script not showing shared key
> -----------------------------------
>
> Key: WFLY-4238
> URL: https://issues.jboss.org/browse/WFLY-4238
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 8.1.0.Final
> Environment: Windows 7 with jdk1.7.0_51
> Reporter: Abhinav Gupta
> Assignee: Peter Skopek
>
> Team,
> While using vault.bat, we are not able to see the shared key. For every password entered I get a key as: VAULT::test1::pas::1
> Below is the console for vault.bat:
> Microsoft Windows [Version 6.1.7601]
> Copyright (c) 2009 Microsoft Corporation. All rights reserved.
> D:\e3c\E3C_Install_ZipTask_SCE_B3\sw\System\WildFly\bin>vault.bat
> =========================================================================
> JBoss Vault Tool
> JBOSS_HOME: "D:\e3c\E3C_Install_ZipTask_SCE_B3\sw\System\WildFly"
> JAVA: "C:\jdk1.7.0_51\bin\java"
> JAVA_OPTS: ""
> =========================================================================
> **********************************
> **** JBoss Vault ***************
> **********************************
> Please enter a Digit:: 0: Start Interactive Session 1: Remove Interactive Session 2: Exit
> 0
> Starting an interactive session
> Enter directory to store encrypted files:D:\e3c\E3C_Install_ZipTask_SCE_B3\sw\System\WildFly\vault
> Enter Keystore URL:D:\e3c\E3C_Install_ZipTask_SCE_B3\sw\System\WildFly\vault\vault.keystore
> Enter Keystore password:
> Enter Keystore password again:
> Values match
> Enter 8 character salt:12345678
> Enter iteration count as a number (e.g.: 44):50
> Enter Keystore Alias:vault
> Initializing Vault
> Jan 12, 2015 1:03:22 PM org.picketbox.plugins.vault.PicketBoxSecurityVault init
> INFO: PBOX000361: Default Security Vault Implementation Initialized and Ready
> Vault Configuration in WildFly configuration file:
> ********************************************
> ...
> </extensions>
> <vault>
> <vault-option name="KEYSTORE_URL" value="D:\e3c\E3C_Install_ZipTask_SCE_B3\sw\System\WildFly\vault\vault.keystore"/>
> <vault-option name="KEYSTORE_PASSWORD" value="MASK-InRT5Cuu6V"/>
> <vault-option name="KEYSTORE_ALIAS" value="vault"/>
> <vault-option name="SALT" value="12345678"/>
> <vault-option name="ITERATION_COUNT" value="50"/>
> <vault-option name="ENC_FILE_DIR" value="D:\e3c\E3C_Install_ZipTask_SCE_B3\sw\System\WildFly\vault\"/>
> </vault><management> ...
> ********************************************
> Vault is initialized and ready for use
> Handshake with Vault complete
> Please enter a Digit:: 0: Store a secured attribute 1: Check whether a secured attribute exists 2: Exit
> 0
> Task: Store a secured attribute
> Please enter secured attribute value (such as password):
> Please enter secured attribute value (such as password) again:
> Values match
> Enter Vault Block:test1
> Enter Attribute Name:pas
> Secured attribute value has been stored in Vault.
> Please make note of the following:
> ********************************************
> Vault Block:test1
> Attribute Name:pas
> Configuration should be done as follows:
> VAULT::test1::pas::1
> ********************************************
> Please enter a Digit:: 0: Store a secured attribute 1: Check whether a secured attribute exists 2: Exit
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
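
The vault string layout discussed in the comment above (block, attribute, then a third field that is now only the placeholder `1`), as an added example that is not part of the original message or of PicketBox: a small audit that scans configuration text and reports which references still carry an old-style shared-key value. The names `audit`, `classify` and `Finding` are hypothetical, the sample config is constructed, and it assumes references appear in the configuration as `${VAULT::...}` expressions.

```python
import re
from typing import List, NamedTuple

# Constructed sample (not from the issue); only VAULT::test1::pas::1 is the
# string shown in the console output quoted in the report.
SAMPLE_CONFIG = """\
<password>${VAULT::test1::pas::1}</password>
<password>${VAULT::ds_old::password::Q09OU1RSVUNURUQ=}</password>
<property name="broken" value="${VAULT::test1::pas}"/>
"""

# A vault string runs from "VAULT::" up to whitespace, a quote, "}" or "<".
TOKEN_RE = re.compile(r"""VAULT::[^\s"'}<]*""")


class Finding(NamedTuple):
    line: int
    block: str
    attribute: str
    kind: str  # "placeholder", "legacy-shared-key" or "malformed"


def classify(token: str) -> Finding:
    """Split one vault string on '::' and label its third parameter."""
    parts = token.split("::")
    block = parts[1] if len(parts) > 1 else ""
    attribute = parts[2] if len(parts) > 2 else ""
    if len(parts) != 4 or not block or not attribute or not parts[3]:
        kind = "malformed"
    elif parts[3] == "1":
        kind = "placeholder"        # current format: field kept only for layout
    else:
        kind = "legacy-shared-key"  # old-format value, ignored by the new vault
    return Finding(0, block, attribute, kind)


def audit(config_text: str) -> List[Finding]:
    """Return one Finding per vault string, with its 1-based line number."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            findings.append(classify(match.group(0))._replace(line=line_no))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        # The third parameter's value is deliberately left out of the report.
        print(f"line {f.line}: block={f.block} attribute={f.attribute} -> {f.kind}")
```
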