The private and public keys are both automatically generated and stored on
the server, using the Triple DES algorithm (aka DESede).
What you see in the UI and put in the settings.xml is the result of taking
the clear text password and encrypting it using the DESede keys.

Yossi Shaul

On Wed, Nov 25, 2009 at 1:45 AM, bman <[email protected]> wrote:

>
> Thanks Fred!
>
> This helps a lot, but I still have some questions.  So does this mean that
> the private key is stored on the user's machine, and the public key is
> stored on the server?  What do you mean by "encrypt is clear text password
> in the UI?"  Is the encryption method Triple DES as mentioned in the Jira
> request?
>
> Thanks,
> Barry
>
>
> freddy33 wrote:
> >
> > Hi,
> >
> > First, yes this is implemented.
> > Second, the SecretKey is actually generated per user when he is using the
> > Artifactory Web UI. I mean that the password is used to authenticate the
> > user against LDAP, then when going to the user profile page the user can
> > "Unlock" his password using its personal private key with the same
> > password. Artifactory never stores the LDAP password, just the pair
> > private/public key used to decrypt the garbled text used by the user in
> > the settings.xml and encrypt is clear text password in the UI.
> >
> > Is that clear? :)
> >
> > HTH,
> > Fred.
> >
> > On Sat, Nov 14, 2009 at 12:51 AM, bman <[email protected]> wrote:
> >
> >>
> >> Howdy,
> >>
> >> According to the original feature request for encrypted passwords
> >> (http://issues.jfrog.org/jira/browse/RTFACT-1191), the admin user should
> >> be able to set the key value:
> >> The basic concept is to allow an admin user the ability (via Web UI) to
> >> set a secret key value (javax.crypto.SecretKey) to be used for encrypting
> >> users passwords.  Once the secret key has been set, the normal user would
> >> use the Web UI to input his password and then generate the encrypted
> >> (Triple DES?) version of the password. The user would then cut-and-paste
> >> the encrypted string into the settings.xml file.
> >> Was this part implemented?  If so, how does one go about doing this?
> >>
> >> Otherwise, how is the key set and what security controls are around the
> >> key?
> >>
> >> We are integrating with LDAP, so we just want to be sure our domain
> >> credentials are well protected.
> >>
> >> Thanks,
> >> Barry
> >> --
> >> View this message in context:
> >> http://old.nabble.com/Encrypted-Passwords-tp26344800p26344800.html
> >> Sent from the Artifactory-Users mailing list archive at Nabble.com.
> >>
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
> >> 30-Day
> >> trial. Simplify your report design, integration and deployment - and
> >> focus
> >> on
> >> what you do best, core application coding. Discover what's new with
> >> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> >> _______________________________________________
> >> Artifactory-users mailing list
> >> [email protected]
> >> https://lists.sourceforge.net/lists/listinfo/artifactory-users
> >>
> >
> >
> >
> > --
> > Co. Founder and Chief Architect
> > JFrog Ltd
> > http://www.jfrog.org/
> > http://twitter.com/freddy33
> >
> >
> >
> >
>
> --
> View this message in context:
> http://old.nabble.com/Encrypted-Passwords-tp26344800p26505325.html
> Sent from the Artifactory-Users mailing list archive at Nabble.com.
>
>
>
>