> > - The config file reader looks for strings of the form "{enc:<string>}:
> > and replaces them, before otherwise parsing the line, with the decrypted
> > version of the string using the key in the "master_key" file.
>
> This sounds pretty reasonable, except perhaps that you might only want
> to convert strings in password fields -- otherwise you risk false
> positives in e.g. the dial plan.

I think this works much better if it's purely lexical. Otherwise, you
have to teach the code what's a password and what's not and maintaining
that is an ongoing issue, so I think a cleaner design would be to pick
some string that's just not going to occur anywhere.

> I can recommend contracting with one of the independent Asterisk
> developers to get this done. You will likely find them on the
> Asterisk-biz-list.

I could easily do it myself if it were something that I personally needed
(except that I'm not sure if two-way encryption routines already exist
in Asterisk), but we don't have enough passwords for this to be an issue.
I was posting the design to address the issues raised by the person who
started the thread.
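
The lexical `{enc:...}` pass described in this thread, as an added example that is not part of the original post or of Asterisk. It assumes a base64 payload and uses a stand-in cipher built from HMAC-SHA256 (keystream plus tag) so it runs offline; the names `seal`, `expand_line` and `KEY` are hypothetical, and a real deployment would use a vetted AEAD from a crypto library. The tag check leaves a look-alike string in the dial plan untouched.

```python
import base64, hashlib, hmac, os, re

# Marker syntax from the thread; the payload is assumed to be base64.
TOKEN = re.compile(r"\{enc:([A-Za-z0-9+/=]+)\}")

def _xor_stream(key, nonce, data):
    # Stand-in keystream (assumption): HMAC-SHA256 in counter mode.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(key, nonce, body):
    return hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()[:16]

def seal(key, plaintext):
    """Produce a {enc:...} token: nonce | ciphertext | tag, base64-encoded."""
    nonce = os.urandom(16)
    body = _xor_stream(key, nonce, plaintext.encode())
    return "{enc:" + base64.b64encode(nonce + body + _tag(key, nonce, body)).decode() + "}"

def _open(key, blob):
    raw = base64.b64decode(blob, validate=True)   # binascii.Error is a ValueError
    if len(raw) < 32:
        raise ValueError("too short to be a sealed value")
    nonce, body, tag = raw[:16], raw[16:-16], raw[-16:]
    if not hmac.compare_digest(tag, _tag(key, nonce, body)):
        raise ValueError("tag mismatch")
    return _xor_stream(key, nonce, body).decode()

def expand_line(line, key):
    """Lexical pass run before normal parsing: replace tokens that authenticate."""
    def repl(match):
        try:
            return _open(key, match.group(1))
        except ValueError:
            return match.group(0)   # look-alike or wrong key: leave the text as is
    return TOKEN.sub(repl, line)

# Constructed sample input; a deployment would read the key from the master_key file.
KEY = b"constructed-demo-key-32-bytes!!!"
SAMPLE = ["secret=" + seal(KEY, "s3cr3t!"), "exten => 100,1,NoOp({enc:AAAA})"]

if __name__ == "__main__":
    for line in SAMPLE:
        print(expand_line(line, KEY))
```

Because substitution happens before the line is parsed, a decrypted value that contains the config format's comment or quoting characters is parsed as such.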