On Mon, May 22, 2017 at 5:46 PM, Niranjan Karunanandham <[email protected]> wrote:
> Hi Dilan,
>
> On Mon, May 22, 2017 at 5:27 PM, Dilan Udara Ariyaratne <[email protected]> wrote:
>
>> And also there is a concept called encrypting registry data.
>> Is this feature supported in carbon 4.4.x and if "YES", is this done via
>> the keystore configured in carbon.xml? I could not find proper
>> documentation for this.
>>
> Can you explain about this please? Are you referring to data being
> encrypted when added to the registry from the UI, say a password field? If so,
> then this uses the secure vault.
>

Yes, I was referring to encrypting registry resources such as scripts, configuration files, etc., but not passwords.

>
>> Thanks,
>> Dilan.
>>
>> *Dilan U. Ariyaratne*
>> Senior Software Engineer
>> WSO2 Inc. <http://wso2.com/>
>> Mobile: +94766405580
>> lean . enterprise . middleware
>>
>> On Mon, May 22, 2017 at 5:11 PM, Dilan Udara Ariyaratne <[email protected]> wrote:
>>
>>> Hi Niranjan,
>>>
>>> On Mon, May 22, 2017 at 2:48 PM, Niranjan Karunanandham <[email protected]> wrote:
>>>
>>>> Hi Dilan,
>>>>
>>>> On Fri, May 5, 2017 at 7:15 PM, Dilan Udara Ariyaratne <[email protected]> wrote:
>>>>
>>>>> Hi Folks,
>>>>>
>>>>> Following conceptions are still there regarding keystores used in WSO2
>>>>> products.
>>>>>
>>>>> 1. Primary KeyStore must contain only one private key. There cannot
>>>>>    be two private keys. (This is due to some issue in WSO2 products which
>>>>>    may be fixed in future).
>>>>> 2. Primary KeyStore must contain *same* password as KeyStore
>>>>>    password and private key password. (This is due to some issue in WSO2
>>>>>    products which may be fixed in future)
>>>>>
>>>>> Are these conceptions still valid or have these issues been already
>>>>> fixed?
>>>>>
>>>>
>>>> In WSO2 Carbon there are multiple keystores. I believe the above
>>>> keystore that you have mentioned is only the Keystore [1] in carbon.xml. In
>>>> 4.4.x, this keystore is used for secure vault only.
>>>>
>>>
>>> Aren't those secure vault configurations for keystores configured in
>>> secret-conf.properties?
>>>
>>>> As you have mentioned, in 4.4.x, if secure vault is enabled, then at the
>>>> server startup, it will ask for a single password which it uses for both
>>>> the Keystore and private key password.
>>>>
>>>
>>> In https://docs.wso2.com/display/ADMIN44x/Using+Asymmetric+Encryption,
>>> it says that "You must have the same password for both keystore and
>>> private key due to a Tomcat limitation"
>>> and therefore, it seems not because of secure vault.
>>>
>>>> IMO since this is only for secure vault, we can have the same password.
>>>> In addition, AFAIK we can have multiple private keys here. In 4.4.x, the JKS
>>>> for ssl has been moved to catalina-server.xml. Therefore a separate
>>>> keystore can be maintained for this. These two configurations are mentioned
>>>> in [2].
>>>>
>>>>> Thanks.
>>>>> *Dilan U. Ariyaratne*
>>>>> Senior Software Engineer
>>>>> WSO2 Inc. <http://wso2.com/>
>>>>> Mobile: +94766405580
>>>>> lean . enterprise . middleware
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>
>>>> [1] -
>>>> <KeyStore>
>>>>     <!-- Keystore file location-->
>>>>     <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
>>>>     <!-- Keystore type (JKS/PKCS12 etc.)-->
>>>>     <Type>JKS</Type>
>>>>     <!-- Keystore password-->
>>>>     <Password>wso2carbon</Password>
>>>>     <!-- Private Key alias-->
>>>>     <KeyAlias>wso2carbon</KeyAlias>
>>>>     <!-- Private Key password-->
>>>>     <KeyPassword>wso2carbon</KeyPassword>
>>>> </KeyStore>
>>>>
>>>> [2] - https://docs.wso2.com/display/ADMIN44x/Configuring+Keystores+in+WSO2+Products
>>>>
>>>> Regards,
>>>> Nira
>>>>
>>>> --
>>>>
>>>> *Niranjan Karunanandham*
>>>> Associate Technical Lead - WSO2 Inc.
>>>> WSO2 Inc.: http://www.wso2.com
>>>>
>
> --
>
> *Niranjan Karunanandham*
> Associate Technical Lead - WSO2 Inc.
> WSO2 Inc.: http://www.wso2.com
>
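Added example, not part of the thread and not WSO2 code: a small audit of the <KeyStore> block quoted as [1]. It checks that the five fields are present, that <Password> and <KeyPassword> match as the documentation quoted in the thread requires, and that neither still holds the value shown in the thread. The <Server>/<Security> wrapper, the function names and the sample document are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the <KeyStore> block quoted in the thread.
# The <Server>/<Security> wrapper elements are assumed for illustration.
SAMPLE = """<Server>
  <Security>
    <KeyStore>
      <!-- Keystore file location-->
      <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
      <Type>JKS</Type>
      <Password>wso2carbon</Password>
      <KeyAlias>wso2carbon</KeyAlias>
      <KeyPassword>wso2carbon</KeyPassword>
    </KeyStore>
  </Security>
</Server>"""

SAMPLE_VALUE = "wso2carbon"  # password value shown in the thread's block
FIELDS = ("Location", "Type", "Password", "KeyAlias", "KeyPassword")


def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def audit_keystore(xml_text):
    """Return a list of findings for the first <KeyStore> element found."""
    root = ET.fromstring(xml_text)
    ks = next((e for e in root.iter() if local(e.tag) == "KeyStore"), None)
    if ks is None:
        return ["no <KeyStore> element found"]
    # XML comments are dropped by the default parser; only child elements remain.
    f = {local(c.tag): (c.text or "").strip() for c in ks}
    findings = [f"<{n}> is missing or empty" for n in FIELDS if not f.get(n)]
    pw, key_pw = f.get("Password"), f.get("KeyPassword")
    if pw and key_pw and pw != key_pw:
        findings.append("<Password> and <KeyPassword> differ; the documentation "
                        "quoted in the thread requires them to match")
    for name in ("Password", "KeyPassword"):
        if f.get(name) == SAMPLE_VALUE:
            findings.append(f"<{name}> is still the sample value from the thread")
    return findings


if __name__ == "__main__":
    for finding in audit_keystore(SAMPLE):
        print("FINDING:", finding)
```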
