Periodically users show up who want their passwords obscured in new ways that allow their systems to break by removing the key used to obscure them :-) (how's that for a biased view of the situation :-)

They don't like SimpleEncryption because the key is hardcoded and thus the same for all geronimo instances.

See GERONIMO-2925

I've implemented something for this request that allows you to register "encryptors" with the EncryptionManager. By default you get the current SimpleEncryption which uses AES with a hardcoded key.

There's also a ConfiguredEncryption gbean that will generate and save a key if not present or use a saved one.

You can register any number of Encryption instances with EncryptionManager but only the first one you register will be used for encryption. Others might be used for decryption.

If you try to encrypt a string that is already encrypted under a different registered Encryption instance it will decrypt using the old Encryption and re-encrypt using the registered Encryption. For instance the properties file login module used to use {Standard} as the prefix instead of {Simple} so I registered the SimpleEncryption instance under both prefixes: the property files are re-encrypted with the {Simple} prefix.

If you want to use the ConfiguredEncryption you can add this to config.xml under rmi-naming module:

<gbean name="org.apache.geronimo.configs/rmi-naming/2.1-SNAPSHOT/car?name=ConfiguredEncryption,j2eeType=GBean" gbeanInfo="org.apache.geronimo.system.util.ConfiguredEncryption">
    <attribute name="path">var/security/ConfiguredSecretKey.ser</attribute>
    <reference name="ServerInfo"><pattern><name>ServerInfo</name></pattern></reference>
</gbean>

I haven't tried this with app clients yet but I assume that adding this gbean to client would work.

I'd appreciate review on this both for the idea of pluggable Encryption and even more for my use of crypto which I am definitely not an expert in.

thanks
david jencks
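
The prefix-based dispatch and re-encryption described in the message above, as an added sketch that is not part of the original post and is not Geronimo's code. The class and method names are hypothetical, the use of AES-GCM with a random IV is this sketch's own choice, and only the {Simple} and {Standard} prefixes come from the post.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

// Illustrative sketch only: names are hypothetical, not Geronimo's EncryptionManager API.
public class PrefixRegistryDemo {
    // Registration order matters: the first entry encrypts, every entry can decrypt.
    private final Map<String, SecretKey> keysByPrefix = new LinkedHashMap<>();

    void register(String prefix, SecretKey key) { keysByPrefix.put(prefix, key); }

    String encrypt(String value) throws Exception {
        Map.Entry<String, SecretKey> primary = keysByPrefix.entrySet().iterator().next();
        if (value.startsWith(primary.getKey())) return value;   // already under the current prefix
        String plain = decrypt(value);                           // old prefix, or plaintext passthrough
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);                        // fresh IV for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, primary.getValue(), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        Base64.Encoder b64 = Base64.getEncoder();
        return primary.getKey() + b64.encodeToString(iv) + ":" + b64.encodeToString(ct);
    }

    String decrypt(String value) throws Exception {
        for (Map.Entry<String, SecretKey> e : keysByPrefix.entrySet()) {
            if (!value.startsWith(e.getKey())) continue;
            String[] parts = value.substring(e.getKey().length()).split(":");
            byte[] iv = Base64.getDecoder().decode(parts[0]);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, e.getValue(), new GCMParameterSpec(128, iv));
            return new String(c.doFinal(Base64.getDecoder().decode(parts[1])), StandardCharsets.UTF_8);
        }
        return value;                                            // no registered prefix: plaintext
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();                        // stands in for the single shared key
        PrefixRegistryDemo legacy = new PrefixRegistryDemo();
        legacy.register("{Standard}", key);
        String stored = legacy.encrypt("s3cret");                // constructed sample value
        PrefixRegistryDemo mgr = new PrefixRegistryDemo();
        mgr.register("{Simple}", key);                           // first registered: used to encrypt
        mgr.register("{Standard}", key);                         // later: only consulted to decrypt
        String migrated = mgr.encrypt(stored);                   // re-encrypted under {Simple}
        System.out.println(migrated.startsWith("{Simple}") + " " + mgr.decrypt(migrated));
    }
}
```

Removing the {Standard} registration before every stored value has been re-encrypted leaves those values undecryptable, so the old entry has to stay registered until migration is complete.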
