[jboss-jira] [JBoss JIRA] (JGRP-2274) ASYM_ENCRYPT: deprecate sign_msgs

Nick Sawadsky (Jira) issues at jboss.org
Wed Aug 28 19:54:00 EDT 2019


    [ https://issues.jboss.org/browse/JGRP-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13776597#comment-13776597 ] 

Nick Sawadsky edited comment on JGRP-2274 at 8/28/19 7:53 PM:
--------------------------------------------------------------

[~belaban] I have spent some time looking into GCM support and came to the conclusion it might not be the best fit for this purpose. The challenge with GCM is the strict requirement not to reuse the same IV with the same key. In a JGroups cluster, with many nodes sending messages encrypted with the same key, this is a difficult constraint to enforce.

So a separate INTEGRITY protocol, based on HMAC, might be a better way to go. Perhaps combined with CBC support in Encrypt, to get off of ECB. This is starting to feel like more than I can tackle at this point in time.

Another approach to securing the cluster communications would be adding support for TLS in TCP/TCP_NIO2. This would cover encryption, authentication, and integrity in a standards-based way. Just wondering -- is this something that is currently on the near-term or long-term roadmap?


was (Author: nsawadsky):
[~belaban] I have spent some time looking into GCM support and came to the conclusion it might not be the best fit for this purpose. The challenge with GCM is the strict requirement not to reuse the same IV with the same key. In a JGroups cluster, with many nodes sending messages encrypted with the same key, this is a difficult constraint to enforce.

So a separate INTEGRITY protocol, based on HMAC, might be a better way to go. Perhaps combined with CBC support in Encrypt, to get off of ECB. Which is starting to feel like more than I can tackle at this point in time.

Another approach to securing the cluster communications would be adding support for TLS in TCP/TCP_NIO2. This would cover both encryption, authentication, and integrity in a standards-based way. Just wondering -- is this something that is currently on the near-term or long-term roadmap?

> ASYM_ENCRYPT: deprecate sign_msgs
> ---------------------------------
>
>                 Key: JGRP-2274
>                 URL: https://issues.jboss.org/browse/JGRP-2274
>             Project: JGroups
>          Issue Type: Enhancement
>            Reporter: Bela Ban
>            Assignee: Bela Ban
>            Priority: Major
>             Fix For: 4.0.12
>
>
> In {{ASYM_ENCRYPT}}, signing messages means that the checksum of an encrypted message is computed and used together with the secret key of the sender to sign the message. On the receiver side, the public key of the sender is used to validate the signature.
> However, this is redundant, as decryption of a message will fail if the contents have been changed.
> If needed, signing of messages can be done in a separate protocol.



--
This message was sent by Atlassian Jira
(v7.13.5#713005)
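
The HMAC-plus-CBC combination suggested in the comment above, sketched as an added example (not JGroups code and not part of the original message). The class name, the wire layout and the use of two separate keys are assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class EncryptThenMacSketch {
    static final int IV_LEN = 16, TAG_LEN = 32;
    static final SecureRandom RNG = new SecureRandom();

    // Hypothetical wire format: IV || ciphertext || HMAC-SHA256(IV || ciphertext)
    static byte[] seal(SecretKey encKey, SecretKey macKey, byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv); // random per-message IV: no counter to coordinate between nodes
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, encKey, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(macKey);
        mac.update(iv);                 // the tag covers the IV as well as the ciphertext
        byte[] tag = mac.doFinal(ct);
        byte[] out = new byte[IV_LEN + ct.length + TAG_LEN];
        System.arraycopy(iv, 0, out, 0, IV_LEN);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        System.arraycopy(tag, 0, out, IV_LEN + ct.length, TAG_LEN);
        return out;
    }

    static byte[] open(SecretKey encKey, SecretKey macKey, byte[] msg) throws GeneralSecurityException {
        if (msg.length < IV_LEN + 16 + TAG_LEN) throw new GeneralSecurityException("message too short");
        int ctEnd = msg.length - TAG_LEN;
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(macKey);
        mac.update(msg, 0, ctEnd);
        // Constant-time tag comparison; a modified message is rejected before any decryption.
        if (!MessageDigest.isEqual(mac.doFinal(), Arrays.copyOfRange(msg, ctEnd, msg.length)))
            throw new GeneralSecurityException("integrity check failed");
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, encKey, new IvParameterSpec(msg, 0, IV_LEN));
        return c.doFinal(msg, IV_LEN, ctEnd - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        SecretKey encKey = KeyGenerator.getInstance("AES").generateKey();
        SecretKey macKey = KeyGenerator.getInstance("HmacSHA256").generateKey(); // separate MAC key
        byte[] wire = seal(encKey, macKey, "constructed sample payload".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(open(encKey, macKey, wire), StandardCharsets.UTF_8));
        wire[IV_LEN] ^= 1; // flip one ciphertext bit to simulate modification in transit
        try { open(encKey, macKey, wire); } catch (GeneralSecurityException e) { System.out.println(e.getMessage()); }
    }
}
```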