[jboss-jira] [JBoss JIRA] (JGRP-2274) ASYM_ENCRYPT: deprecate sign_msgs
Bela Ban (Jira)
issues at jboss.org
Fri Jul 10 04:07:00 EDT 2020
[ https://issues.redhat.com/browse/JGRP-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14212798#comment-14212798 ]
Bela Ban commented on JGRP-2274:
--------------------------------
I guess signing of messages can be done by changing the config in {{SYM_ENCRYPT}}:
{{sym_algorithm="AES/CBC/PKCS5Padding"}}
{{sym_iv_length="16"}} // any value > 0 will do
This makes sure that even a flipped bit in an encrypted message will cause decryption to fail.
> ASYM_ENCRYPT: deprecate sign_msgs
> ---------------------------------
>
> Key: JGRP-2274
> URL: https://issues.redhat.com/browse/JGRP-2274
> Project: JGroups
> Issue Type: Enhancement
> Reporter: Bela Ban
> Assignee: Bela Ban
> Priority: Major
> Fix For: 4.0.12
>
>
> In {{ASYM_ENCRYPT}}, signing messages means that the checksum of an encrypted message is computed and used together with the secret key of the sender to sign the message. On the receiver side, the public key of the sender is used to validate the signature.
> However, this is redundant, as decryption of a message will fail if the contents have been changed.
> If needed, signing of messages can be done in a separate protocol.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list