Thanks Yossi! Where on the server are the keys stored? What measures are in place to keep the keys secure?

Thanks,
Barry

Yossi Shaul-3 wrote:
>
> The private and public keys are both automatically generated and stored on
> the server, using the Triple DES algorithm (aka DESede).
> What you see in the ui and put in the settings.xml is the result of taking
> the clear text password and encrypting it using the DESede keys.
>
> Yossi Shaul
>
> On Wed, Nov 25, 2009 at 1:45 AM, bman <[email protected]> wrote:
>
>> Thanks Fred!
>>
>> This helps a lot, but I still have some questions. So does this mean that
>> the private key is stored on the user's machine, and the public key is
>> stored on the server? What do you mean by "encrypt is clear text password
>> in the UI?" Is the encryption method Triple DES as mentioned in the Jira
>> request?
>>
>> Thanks,
>> Barry
>>
>> freddy33 wrote:
>> >
>> > Hi,
>> >
>> > First, yes this is implemented.
>> > Second, the SecretKey is actually generated per user when he is using the
>> > Artifactory Web UI. I mean that the password is used to authenticate the
>> > user against LDAP, then when going to the user profile page the user can
>> > "Unlock" his password using its personal private key with the same
>> > password. Artifactory never stores the LDAP password, just the pair
>> > private/public key used to decrypt the garbled text used by the user in
>> > the settings.xml and encrypt is clear text password in the UI.
>> >
>> > Is that clear? :)
>> >
>> > HTH,
>> > Fred.
>> >
>> > On Sat, Nov 14, 2009 at 12:51 AM, bman <[email protected]> wrote:
>> >
>> >> Howdy,
>> >>
>> >> According to the original feature request for encrypted passwords
>> >> (http://issues.jfrog.org/jira/browse/RTFACT-1191), the admin user should
>> >> be able to set the key value:
>> >> The basic concept is to allow an admin user the ability (via Web UI) to
>> >> set a secret key value (javax.crypto.SecretKey) to be used for encrypting
>> >> users passwords. Once the secret key has been set, the normal user would
>> >> use the Web UI to input his password and then generate the encrypted
>> >> (Triple DES?) version of the password. The user would then cut-and-paste
>> >> the encrypted string into the settings.xml file.
>> >> Was this part implemented? If so, how does one go about doing this?
>> >>
>> >> Otherwise, how is the key set and what security controls are around the
>> >> key?
>> >>
>> >> We are integrating with LDAP, so we just want to be sure our domain
>> >> credentials are well protected.
>> >>
>> >> Thanks,
>> >> Barry
>> >> --
>> >> View this message in context:
>> >> http://old.nabble.com/Encrypted-Passwords-tp26344800p26344800.html
>> >> Sent from the Artifactory-Users mailing list archive at Nabble.com.
>> >
>> > --
>> > Co. Founder and Chief Architect
>> > JFrog Ltd
>> > http://www.jfrog.org/
>> > http://twitter.com/freddy33
>>
>> --
>> View this message in context:
>> http://old.nabble.com/Encrypted-Passwords-tp26344800p26505325.html
>> Sent from the Artifactory-Users mailing list archive at Nabble.com.

--
View this message in context: http://old.nabble.com/Encrypted-Passwords-tp26344800p26635761.html
Sent from the Artifactory-Users mailing list archive at Nabble.com.

_______________________________________________
Artifactory-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/artifactory-users
