[security-dev] Database driven Java Keystore
Bill Burke
bburke at redhat.com
Tue Aug 21 19:25:49 EDT 2012
Or maybe you should create a new abstraction for key discovery? I did
this for resteasy for the key-based features I have so that the user has
different options for storing keys. i.e. from cert.pem or cert.der
files, or .pem text embedded in LDAP entries, DNS entries, etc.
On 8/21/2012 12:44 PM, Anil Saldhana wrote:
> Hi all,
> you are familiar with the file based standard Java keystore. KeyTool
> is a command line utility to deal with the standard keystore.
>
> The challenges with a file based keystore are plenty:
> a) Each node in a cluster needs to have a local copy. NFS based keystore
> does solve this problem.
> b) Updates to keystore need to be done with each copy in a cluster.
>
> I put in a DB backed keystore that is standalone with dependence on
> Bouncycastle jars alone.
> https://docs.jboss.org/author/display/SECURITY/Java+Keystores
>
> There are multiple TBD items listed on the page.
>
> There is a master salt. It is used to MD5 hash+salt the keystore
> password (master password) and also individual key passwords.
>
> Feedback welcome.
>
> Regards,
> Anil
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the security-dev
mailing list