[jboss-jira] [JBoss JIRA] (JGRP-2274) ASYM_ENCRYPT: deprecate sign_msgs
Nick Sawadsky (Jira)
issues at jboss.org
Fri Jul 10 12:20:00 EDT 2020
[ https://issues.redhat.com/browse/JGRP-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14214717#comment-14214717 ]
Nick Sawadsky edited comment on JGRP-2274 at 7/10/20 12:19 PM:
---------------------------------------------------------------
[~belaban] To my knowledge the CBC mode of encryption does not provide integrity checking.
GCM does, and I believe it can be enabled in JGroups via:
{code:java}
sym_algorithm="AES/GCM/NoPadding"
sym_iv_length="12"{code}
However, GCM has a very strict requirement to avoid reuse of the same IV for a given key, which is difficult to guarantee when a static key is used.
As a result I'm still hoping TLS support can eventually be added to address the integrity checking requirement, as well as provide additional protections for cluster traffic.
was (Author: nsawadsky):
[~belaban] To my knowledge the CBC mode of encryption does not provide integrity checking.
GCM does, and I believe it can be enabled in JGroups via:
{code:java}
sym_algorithm="AES/GCM/NoPadding"
sym_iv_length="12"{code}
However, GCM has a very strict requirement to avoid reuse of the same IV for a given key, which is difficult to guarantee when a static key is used.
As a result I'm still hoping TLS support can eventually be added to address the integrity checking requirement, as well as provide a generally stronger story around security of cluster traffic.
> ASYM_ENCRYPT: deprecate sign_msgs
> ---------------------------------
>
> Key: JGRP-2274
> URL: https://issues.redhat.com/browse/JGRP-2274
> Project: JGroups
> Issue Type: Enhancement
> Reporter: Bela Ban
> Assignee: Bela Ban
> Priority: Major
> Fix For: 4.0.12
>
>
> In {{ASYM_ENCRYPT}}, signing messages means that the checksum of an encrypted message is computed and used together with the secret key of the sender to sign the message. On the receiver side, the public key of the sender is used to validate the signature.
> However, this is redundant, as decryption of a message will fail if the contents have been changed.
> If needed, signing of messages can be done in a separate protocol.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list