[jboss-jira] [JBoss JIRA] (WFCORE-3075) KeyStore password as default KeyManager password
Jan Kalina (JIRA)
issues at jboss.org
Wed Jul 19 05:43:01 EDT 2017
[ https://issues.jboss.org/browse/WFCORE-3075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Kalina updated WFCORE-3075:
-------------------------------
Description:
In Elytron, there is keystore password (key-store resource) and key password (key-managers resource) required.
However in theory there could be cases, where no password can be intended
- key-store resource for truststore purposes (reading truststore) (but in legacy is password required)
- PKCS12 can be created without key password (but keystore password in legacy is required)
- you can create JKS programatically without keystore password
- *in legacy key password is optional (which mean keystore password is used)*
>From discussion: We can make the password optional on the KeyManager so if no password is specified on the KeyManager we assume it is the one from the KeyStore.
Created analysis document for this: https://developer.jboss.org/wiki/AnalysisDesign-KeyStorePasswordAsDefaultKeyManagerPassword
was:
In Elytron, there is keystore password (key-store resource) and key password (key-managers resource) required.
However in theory there could be cases, where no password can be intended
- key-store resource for truststore purposes (reading truststore) (but in legacy is required)
- PKCS12 can be created without key password (but keystore password in legacy is required)
- you can create JKS programatically without keystore password
- *in legacy key password is optional (which mean keystore password is used)*
>From discussion: We can make the password optional on the KeyManager so if no password is specified on the KeyManager we assume it is the one from the KeyStore.
Created analysis document for this: https://developer.jboss.org/wiki/AnalysisDesign-KeyStorePasswordAsDefaultKeyManagerPassword
> KeyStore password as default KeyManager password
> ------------------------------------------------
>
> Key: WFCORE-3075
> URL: https://issues.jboss.org/browse/WFCORE-3075
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Jan Kalina
> Priority: Critical
> Labels: keymanager, keystore, trustmanager
>
> In Elytron, there is keystore password (key-store resource) and key password (key-managers resource) required.
> However in theory there could be cases, where no password can be intended
> - key-store resource for truststore purposes (reading truststore) (but in legacy is password required)
> - PKCS12 can be created without key password (but keystore password in legacy is required)
> - you can create JKS programatically without keystore password
> - *in legacy key password is optional (which mean keystore password is used)*
> From discussion: We can make the password optional on the KeyManager so if no password is specified on the KeyManager we assume it is the one from the KeyStore.
> Created analysis document for this: https://developer.jboss.org/wiki/AnalysisDesign-KeyStorePasswordAsDefaultKeyManagerPassword
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list