Francesco Chicchiriccò created SYNCOPE-1510:
-----------------------------------------------
Summary: Allow to store encrypted schema's secret key externally
Key: SYNCOPE-1510
URL: https://issues.apache.org/jira/browse/SYNCOPE-1510
Project: Syncope
Issue Type: Improvement
Components: console, core, enduser
Reporter: Francesco Chicchiriccò
Fix For: 2.1.6, 3.0.0

An encrypted plain schema's secret key is used to encrypt the related attribute
values.

Currently, this key is stored alongside the other items of the plain schema's
definition, such as the cipher algorithm.

While functional, this approach breaks some security compliance rules, as (1)
the algorithm, (2) the secret key and (3) the encrypted value are all in the
same place (Syncope's internal storage).

We should introduce the possibility to store at least the secret key in another
place.

Moreover, we could also consider, in the schema definition, a conversion
pattern which allows, when set, to decrypt the values (if the algorithm is
compatible) for REST access; among other use cases, this would allow the
related attributes to be edited transparently via Admin Console / Enduser UI.