[jboss-jira] [JBoss JIRA] (WFCORE-3075) KeyStore password as default KeyManager password

Jan Kalina (JIRA) issues at jboss.org
Wed Jul 19 05:35:00 EDT 2017


     [ https://issues.jboss.org/browse/WFCORE-3075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Kalina updated WFCORE-3075:
-------------------------------
    Summary: KeyStore password as default KeyManager password  (was: Required keystore and key passwords)


> KeyStore password as default KeyManager password
> ------------------------------------------------
>
>                 Key: WFCORE-3075
>                 URL: https://issues.jboss.org/browse/WFCORE-3075
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Jan Kalina
>            Priority: Critical
>              Labels: keymanager, keystore, trustmanager
>
> In Elytron, both the keystore password (key-store resource) and the key password (key-managers resource) are required.
> However, in theory there could be cases where no password is intended:
> - key-store resource for truststore purposes (reading truststore)
> - PKCS12 can be created without key password
> - you can create JKS programmatically without keystore password
> - in legacy, key password is optional
> The question is whether we want to support these cases in EAP.
> On the other hand:
> - truststore password in legacy is required
> - keystore password in legacy is required
> - changing from required to optional can be performed in the future in a backward-compatible manner
> - requiring a password is more secure
> So from my PoV, with Elytron we are, compared to legacy, a little bit unsafe only with the required key password. But that can be changed to optional easily in the future if there is a customer case.
> WDYT?



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)