[jboss-jira] [JBoss JIRA] (JGRP-2274) ASYM_ENCRYPT: deprecate sign_msgs
Bela Ban (Jira)
issues at jboss.org
Wed Aug 21 10:13:00 EDT 2019
[ https://issues.jboss.org/browse/JGRP-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13773609#comment-13773609 ]
Bela Ban commented on JGRP-2274:
--------------------------------
{quote}
HMAC needs its own shared key, so this may be one reason to keep the signing as part of the encryption protocol (so it can reuse the same shared secret)
{quote}
Hmm, I don't like this; as a matter of fact, I removed the signing because I wanted separation of concerns (encryption and signing). But there are ways of fetching the secret key from Encrypt: using GET_SECRET_KEY as event sent up or down the stack does this. This is currently used by SSL_KEY_EXCHANGE, as it also needs access to the secret key.
Wrt the changes you mentioned: I prefer _additional (separate) protocols_ to implement something that's different than encryption. But, of course, if you wanted to add GCM mode, than Encrypt itself would have to be modified.
If you have suggestions, I'm all ears. If you even want to _implement_ something, I'm all for it, but I can't do this myself!
> ASYM_ENCRYPT: deprecate sign_msgs
> ---------------------------------
>
> Key: JGRP-2274
> URL: https://issues.jboss.org/browse/JGRP-2274
> Project: JGroups
> Issue Type: Enhancement
> Reporter: Bela Ban
> Assignee: Bela Ban
> Priority: Major
> Fix For: 4.0.12
>
>
> In {{ASYM_ENCRYPT}}, signing messages means that the checksum of an encrypted message is computed and used together with the secret key of the sender to sign the message. On the receiver side, the public key of the sender is used to validate the signature.
> However, this is redundant, as decryption of a message will fail if the contents have been changed.
> If needed, signing of messages can be done in a separate protocol.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the jboss-jira
mailing list