[jboss-jira] [JBoss JIRA] (WFLY-6569) Vault.sh can create keystore when doesn't exist. But we can't define KEY_SIZE for it.

Lin Gao (JIRA) issues at jboss.org
Thu May 12 03:38:00 EDT 2016


    [ https://issues.jboss.org/browse/WFLY-6569?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13204150#comment-13204150 ] 

Lin Gao commented on WFLY-6569:
-------------------------------

key-size is bound up with the algorithm. 

Currently, {{vault.sh}} only supports the {{AES}} algorithm (there is no place to specify it) to encrypt the secret key, for which the valid key sizes are {{128}}, {{192}} and {{256}}. For a JDK such as Oracle Java 8, an additional installation of the {{Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files}} is needed to lift the restriction on key sizes {{192}} and {{256}}; otherwise only key size {{128}} is allowed.

It is not yet clear how to choose the algorithm, and which key size is valid for that algorithm, when using {{vault.sh}}, so I propose to reject this issue as won't fix, or change it into a REF?

> Vault.sh can create keystore when doesn't exist. But we can't define KEY_SIZE for it.
> -------------------------------------------------------------------------------------
>
>                 Key: WFLY-6569
>                 URL: https://issues.jboss.org/browse/WFLY-6569
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>            Reporter: Hynek Švábek
>            Assignee: Lin Gao
>
> Vault.sh can create keystore when doesn't exist. But we can't define KEY_SIZE for it.
> Vault.sh has a -t, --create-keystore parameter for creating a new keystore when it doesn't exist.
> But we need to define KEY_SIZE too; otherwise KEY_SIZE = 128 is used.



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
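
The key-size constraint described in the comment above, as an added example that is not part of the original message or of WildFly's code: it checks a requested AES key size against both the sizes AES defines and the limit the running JVM's JCE policy allows, then builds a keystore holding a key of that size. The class name, the alias `vault`, the `JCEKS` store type, the in-memory output and the password are assumptions made for this example.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class AesKeySizeCheck {
    // Key sizes that AES defines, as listed in the comment above.
    static final List<Integer> AES_KEY_SIZES = Arrays.asList(128, 192, 256);

    // Builds an in-memory JCEKS keystore holding one AES key of the requested size.
    // The alias "vault" is an assumption for this example.
    static byte[] createAesKeystore(int keySize, char[] password)
            throws GeneralSecurityException, IOException {
        if (!AES_KEY_SIZES.contains(keySize)) {
            throw new IllegalArgumentException("AES does not define a " + keySize + "-bit key");
        }
        // Integer.MAX_VALUE with the unlimited-strength policy, 128 with the limited one.
        int maxAllowed = Cipher.getMaxAllowedKeyLength("AES");
        if (keySize > maxAllowed) {
            throw new IllegalStateException("JCE policy of this JVM limits AES to "
                    + maxAllowed + " bits; " + keySize + " requested");
        }
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(keySize);
        SecretKey key = generator.generateKey();

        KeyStore store = KeyStore.getInstance("JCEKS");
        store.load(null, password); // null stream: start from an empty keystore
        store.setEntry("vault", new KeyStore.SecretKeyEntry(key),
                new KeyStore.PasswordProtection(password));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        store.store(out, password);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed-example-only".toCharArray(); // constructed value
        for (int size : new int[] {128, 192, 256, 512}) {
            try {
                int bytes = createAesKeystore(size, password).length;
                System.out.println(size + " bits: keystore built (" + bytes + " bytes)");
            } catch (RuntimeException e) {
                System.out.println(size + " bits: rejected, " + e.getMessage());
            }
        }
    }
}
```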


