[jboss-jira] [JBoss JIRA] (ELY-1915) stronger credential store
Darran Lofthouse (Jira)
issues at jboss.org
Fri Dec 20 07:23:11 EST 2019
[ https://issues.redhat.com/browse/ELY-1915?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13938917#comment-13938917 ]
Darran Lofthouse commented on ELY-1915:
---------------------------------------
A while back I think [~dmlloyd] suggested we could back the credential store in a similar way to how we back our filesystem realm, that could be something to consider - if we were to do that we could have complete control of how the entries are encrypted.
If we did that I would consider that we look at both symmetric and asymmetric encryption, one use case I think could be useful is:
1. A DBA creates a new account with password for a server.
2. The DBA encrypts an entry in an agreed format using the public key of the server.
3. The entry is imported into the server's credential store.
4. The server loads the entry from the credential store using its private key to decrypt.
I have seen cases where users use multiple credential stores so one team providing credentials can not see the credentials provided by another team.
Anyway that is a bit of a tangent but if we do look to increase the strength of the encryption I think reviewing the type of the encryption at the same time is worth considering.
> stronger credential store
> -------------------------
>
> Key: ELY-1915
> URL: https://issues.redhat.com/browse/ELY-1915
> Project: WildFly Elytron
> Issue Type: Feature Request
> Components: Credential Store
> Affects Versions: 1.6.1.Final
> Reporter: Hisanobu Okuda
> Priority: Major
>
> JCEKS, which is used for the credential store, uses 3DES. Need a stronger credential store based on stronger cryptography like AES256 or more.
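The four-step import workflow in the comment above (the DBA encrypts with the server's public key, the server decrypts with its private key), sketched as an added example that is not part of the original message and not WildFly Elytron code. The "agreed format" here is an assumption: an AES-256 key wrapped with RSA-OAEP, a GCM nonce, and a ciphertext that carries the entry alias as associated data; the class name, alias and password are constructed. It needs Java 16 or later for the record.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;

public class SealedEntryDemo {
    // Hypothetical agreed format: wrapped content key, GCM nonce, GCM ciphertext+tag.
    record SealedEntry(byte[] wrappedKey, byte[] nonce, byte[] ciphertext) {}

    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // DBA side (steps 1-2): only the server's public key is required.
    static SealedEntry seal(PublicKey serverKey, String alias, char[] password) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey cek = kg.generateKey();               // fresh content key per entry
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, cek, new GCMParameterSpec(128, nonce));
        aes.updateAAD(alias.getBytes(StandardCharsets.UTF_8)); // bind the entry to its alias
        byte[] ct = aes.doFinal(new String(password).getBytes(StandardCharsets.UTF_8));
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.WRAP_MODE, serverKey, OAEP);
        return new SealedEntry(rsa.wrap(cek), nonce, ct);
    }

    // Server side (step 4): unwrap the content key with the private key, then decrypt.
    static char[] open(PrivateKey serverKey, String alias, SealedEntry e) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.UNWRAP_MODE, serverKey, OAEP);
        Key cek = rsa.unwrap(e.wrappedKey(), "AES", Cipher.SECRET_KEY);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, cek, new GCMParameterSpec(128, e.nonce()));
        aes.updateAAD(alias.getBytes(StandardCharsets.UTF_8));
        return new String(aes.doFinal(e.ciphertext()), StandardCharsets.UTF_8).toCharArray();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair server = kpg.generateKeyPair();         // stands in for the server's key pair
        SealedEntry entry = seal(server.getPublic(), "db-account", "constructed-sample".toCharArray());
        System.out.println(new String(open(server.getPrivate(), "db-account", entry)));
        try { open(server.getPrivate(), "other-alias", entry); }  // entry moved to another alias
        catch (AEADBadTagException ex) { System.out.println("rejected: alias mismatch"); }
    }
}
```

Because sealing needs only the public key, a team that supplies an entry cannot read entries sealed by another team for the same server.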