[ https://issues.apache.org/jira/browse/SYNCOPE-1510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Francesco Chicchiriccò reassigned SYNCOPE-1510:
-----------------------------------------------
Assignee: Francesco Chicchiriccò
> Allow to store encrypted schema's secret key externally
> -------------------------------------------------------
>
> Key: SYNCOPE-1510
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1510
> Project: Syncope
> Issue Type: Improvement
> Components: console, core, enduser
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Priority: Major
> Fix For: 2.1.6, 3.0.0
>
>
> The encrypted plain schema's secret key is used to encrypt the related attribute
> values.
> Currently, this key is stored alongside the other items of the plain schema's
> definition, such as the cipher algorithm.
> While functional, this approach breaks some security compliance rules, as (1)
> algorithm, (2) secret key and (3) encrypted value are all in the same place
> (Syncope's internal storage).
> We should introduce the possibility to store at least the secret key in
> another place.
> Moreover, we could also consider, in the schema definition, a conversion
> pattern which allows, when set, decrypting the values (if the algorithm is
> compatible) for REST access; among other use cases, this would allow
> transparently editing the related attributes via Admin Console / Enduser UI.