[mojo-dev] [jira] (MWEBSTART-274) Use the Maven Encryption functionality to encrypt passwords used for the DefaultSignTool

[Nico De Groote (JIRA)]

Title: Message Title

Nico De Groote edited a comment on an issue   Re: Use the Maven Encryption functionality to encrypt passwords used for the DefaultSignTool Patch submitted.  However, it is not completely how I would like it to be.  I probably did some stuff in there which was not needed for my feature to decrypt a storepass when I'm signing the jars. But I suppose it is a good starting point. The changes I made probably breaks the Non encrypted password approach. I did not test this. To be on the safe side I think we better add an extra <encrypt> property to the SignConfig class, and when true decrypt the passwords in this class when used. Default false. Add Comment   Mojo's Webstart Maven Plugin / MWEBSTART-274 Use the Maven Encryption functionality to encrypt passwords used for the DefaultSignTool Make us of the Maven Encryption functionality (http://maven.apache.org/guides/mini/guide-encryption.html) Make the SignConfig contain passwords which has been encrypted by the maven masterPassword. Decrypt this password when creating the sign request. This way the 'real' password are not kept in the poms. You can achieve this by injecting the ... This message was sent by Atlassian JIRA (v6.1.6#6162-sha1:7af547c) --------------------------------------------------------------------- To unsubscribe from this list, please visit: http://xircles.codehaus.org/manage_email