Encryption of passwords

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Encryption of passwords

Bengt Rodehav
I've seen that Karaf provides an encryption service but I haven't figured out how to use it.

In our case we sometimes have to store passwords in configuration files. Can the encryption service be used to encrypt them and then decrypt them when configuration admin passes a configuration to a service? If so, how do I accomplish this?

/Bengt
Reply | Threaded
Open this post in threaded view
|

Re: Encryption of passwords

luke
Please reffer the documentation:


For stronger security use a Jaspyt.

Łukasz Dywicki
--
Code-House

Wiadomość napisana przez Bengt Rodehav w dniu 2012-01-04, o godz. 21:22:

I've seen that Karaf provides an encryption service but I haven't figured out how to use it.

In our case we sometimes have to store passwords in configuration files. Can the encryption service be used to encrypt them and then decrypt them when configuration admin passes a configuration to a service? If so, how do I accomplish this?

/Bengt




Reply | Threaded
Open this post in threaded view
|

Re: Encryption of passwords

Bengt Rodehav
Thanks for you suggestion Lukasz but I already read that part.

Looking at it again, it seems like encryption is only supported in JAAS configurations. I was hoping that it could be used in any configuration file managed by config admin (or rather fileinstall). E g we configure a lot of camel routes using e g ftp. In that case we need to configure the route with the correct user and password. We currently do that using config admin. I was hoping that Karaf's encryption support could make the passwords in those configuration files encrypted. They would of course have to be decrypted before the config admin feeds a service with the configuration.

Did I completely misunderstand the encryption service?

/Bengt

2012/1/4 Łukasz Dywicki <[hidden email]>
Please reffer the documentation:


For stronger security use a Jaspyt.

Łukasz Dywicki
--
Code-House

Wiadomość napisana przez Bengt Rodehav w dniu 2012-01-04, o godz. 21:22:

I've seen that Karaf provides an encryption service but I haven't figured out how to use it.

In our case we sometimes have to store passwords in configuration files. Can the encryption service be used to encrypt them and then decrypt them when configuration admin passes a configuration to a service? If so, how do I accomplish this?

/Bengt





Reply | Threaded
Open this post in threaded view
|

Re: Encryption of passwords

luke
Hey Matt,
Sorry for initial missunderstanding of your idea. So far there is no support for crypted values in config admin. EncryptionService is general purpose tool. You can use it to de-crypt values from configuration admin or somewhere in your application.
If you're looking for something to crypt passwords used by Camel take look for camel-jaspyt integration: http://camel.apache.org/jasypt.html

Best regards,
Łukasz Dywicki
--
Code-House
http://code-house.org

Wiadomość napisana przez Bengt Rodehav w dniu 2012-01-04, o godz. 23:42:

Thanks for you suggestion Lukasz but I already read that part.

Looking at it again, it seems like encryption is only supported in JAAS configurations. I was hoping that it could be used in any configuration file managed by config admin (or rather fileinstall). E g we configure a lot of camel routes using e g ftp. In that case we need to configure the route with the correct user and password. We currently do that using config admin. I was hoping that Karaf's encryption support could make the passwords in those configuration files encrypted. They would of course have to be decrypted before the config admin feeds a service with the configuration.

Did I completely misunderstand the encryption service?

/Bengt

2012/1/4 Łukasz Dywicki <[hidden email]>
Please reffer the documentation:


For stronger security use a Jaspyt.

Łukasz Dywicki
--
Code-House

Wiadomość napisana przez Bengt Rodehav w dniu 2012-01-04, o godz. 21:22:

I've seen that Karaf provides an encryption service but I haven't figured out how to use it.

In our case we sometimes have to store passwords in configuration files. Can the encryption service be used to encrypt them and then decrypt them when configuration admin passes a configuration to a service? If so, how do I accomplish this?

/Bengt





Reply | Threaded
Open this post in threaded view
|

Re: Encryption of passwords

Bengt Rodehav
Thanks a lot. Will look into camel-jaspyt,

/Bengt

2012/1/5 Łukasz Dywicki <[hidden email]>
Hey Matt,
Sorry for initial missunderstanding of your idea. So far there is no support for crypted values in config admin. EncryptionService is general purpose tool. You can use it to de-crypt values from configuration admin or somewhere in your application.
If you're looking for something to crypt passwords used by Camel take look for camel-jaspyt integration: http://camel.apache.org/jasypt.html

Best regards,
Łukasz Dywicki
--
Code-House
http://code-house.org

Wiadomość napisana przez Bengt Rodehav w dniu 2012-01-04, o godz. 23:42:

Thanks for you suggestion Lukasz but I already read that part.

Looking at it again, it seems like encryption is only supported in JAAS configurations. I was hoping that it could be used in any configuration file managed by config admin (or rather fileinstall). E g we configure a lot of camel routes using e g ftp. In that case we need to configure the route with the correct user and password. We currently do that using config admin. I was hoping that Karaf's encryption support could make the passwords in those configuration files encrypted. They would of course have to be decrypted before the config admin feeds a service with the configuration.

Did I completely misunderstand the encryption service?

/Bengt

2012/1/4 Łukasz Dywicki <[hidden email]>
Please reffer the documentation:


For stronger security use a Jaspyt.

Łukasz Dywicki
--
Code-House

Wiadomość napisana przez Bengt Rodehav w dniu 2012-01-04, o godz. 21:22:

I've seen that Karaf provides an encryption service but I haven't figured out how to use it.

In our case we sometimes have to store passwords in configuration files. Can the encryption service be used to encrypt them and then decrypt them when configuration admin passes a configuration to a service? If so, how do I accomplish this?

/Bengt