>https://wiki.jasig.org/display/CASUM/HOWTO+Use+Jasypt+to+encrypt+passwords+in+configuration+files
Thanks both for sharing this and documenting it. Now is a good time to discuss security considerations of encrypting sensitive credentials like database username/password as in your example above. I would argue that encrypted credentials for deployment generally do not have greater security than simply having them in the clear. Using symmetric encryption for credentials only moves the problem of how to secure the configuration file to how to secure the decryption key. In your case the key is effectively the password/phrase for the PBE key generation function.

The same fundamental concerns that formerly applied to the configuration file now apply to the key. Anyone who can read the key can decrypt the password; this is exactly the same as the cleartext case where anyone that can read the configuration file can read the password. For keys (or key material) that remain in normal files on the filesystem, we conclude the following: Encrypted credentials are NOT MORE SECURE than cleartext credentials.

It's important to note that you may be able to achieve greater security if your key is managed by a platform credential manager (e.g. OS X KeyChain), but I'm not aware of any API that could be leveraged by a Java application for that purpose. If you know or have done this please speak up.

I would like to offer an alternative that provides greater security for platforms that can support it. Factor out sensitive credentials to a properties file and place it on an encrypted volume that can be decrypted only by the application user. While it's arguably game over if an adversary can gain access to a host, it's a substantially higher barrier to decrypt data in an encrypted volume than trying to overcome traditional file access privileges. The amount of added security of this approach depends on the platform and volume encryption method, but I would categorize it as somewhat more secure in the average case.
I realize there are many good cases for encrypted credentials, such as being able to share configuration files between groups without disclosing credentials. But deployers seeking additional security for username/password credentials at rest should look for other solutions.

M

-- 
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
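The argument above put into a check a deployer can run, as an added example that is not part of the original message or of Jasypt: it compares who can read a properties file holding ENC(...) values with who can read the passphrase file, and flags the case where the key file narrows nothing. The file names, the sample properties and the passphrase are constructed; only mode bits are modelled (root and differing owners or groups are not).

```python
import os
import stat
import tempfile

ENC_PREFIX = "ENC("  # Jasypt marks encrypted property values as ENC(...)

def encrypted_properties(properties_text):
    """Names of properties whose values are Jasypt-style ENC(...) tokens."""
    names = []
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if value.startswith(ENC_PREFIX) and value.endswith(")"):
            names.append(name)
    return names

def readers_from_mode(mode):
    """Classes of users the mode bits let read a file (root is not modelled)."""
    classes = ((stat.S_IRUSR, "owner"), (stat.S_IRGRP, "group"), (stat.S_IROTH, "other"))
    return {label for bit, label in classes if mode & bit}

def assess_modes(properties_text, config_mode, key_mode):
    """Cleartext is recoverable by anyone who can read both the config and the
    key, so the key only adds protection if its readers are a strict subset."""
    cfg, key = readers_from_mode(config_mode), readers_from_mode(key_mode)
    effective = cfg & key
    return {
        "encrypted_properties": encrypted_properties(properties_text),
        "config_readers": cfg,
        "key_readers": key,
        "effective_readers": effective,
        "key_adds_protection": effective != cfg,
    }

def assess_files(config_path, key_path):
    """Same check against real files, using their on-disk mode bits."""
    with open(config_path) as fh:
        text = fh.read()
    return assess_modes(text, os.stat(config_path).st_mode, os.stat(key_path).st_mode)

SAMPLE_PROPERTIES = "# constructed sample, not a real deployment\n" \
    "database.user=cas\ndatabase.password=ENC(aabbccddeeff)\n"

def demo():
    """Write the sample with its passphrase file beside it, both 0644, and assess."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg, key = os.path.join(tmp, "cas.properties"), os.path.join(tmp, "jasypt.key")
        for path, body in ((cfg, SAMPLE_PROPERTIES), (key, "constructed-passphrase\n")):
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, 0o644)  # the common case: key readable by the same users as the config
        return assess_files(cfg, key)
```

`demo()` reports `key_adds_protection: False`; tightening only the key file to 0600 makes the owner the sole effective reader, which is the point the message makes about where the real boundary sits.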
