Hi Dilan,

On Tue, May 23, 2017 at 3:32 PM, Dilan Udara Ariyaratne <[email protected]>
wrote:

>
> On Mon, May 22, 2017 at 5:46 PM, Niranjan Karunanandham <[email protected]
> > wrote:
>
>> Hi Dilan,
>>
>> On Mon, May 22, 2017 at 5:27 PM, Dilan Udara Ariyaratne <[email protected]>
>> wrote:
>>
>>> And also there is a concept called encrypting registry data.
>>> Is this feature supported in carbon 4.4.x and if "YES", is this done via
>>> the keystore configured in carbon.xml ? I could not find proper
>>> documentation for this.
>>>
>> Can you explain about this please? Are you referring to data being
>> encrypted when added to the registry from the UI, say a password field? If so,
>> then this uses the secure vault.
>>
>
>     Yes, I was referring to encrypting registry resources such as scripts,
> configuration files, etc., but not passwords.
>

If these resources are being encrypted, then the recommended approach is to
use the secure vault for the encryption and decryption. You will have to
check the source code of those respective components.


>
>
>>
>>> Thanks,
>>> Dilan.
>>>
>>>
>>> *Dilan U. Ariyaratne*
>>> Senior Software Engineer
>>> WSO2 Inc. <http://wso2.com/>
>>> Mobile: +94766405580 <%2B94766405580>
>>> lean . enterprise . middleware
>>>
>>>
>>> On Mon, May 22, 2017 at 5:11 PM, Dilan Udara Ariyaratne <[email protected]
>>> > wrote:
>>>
>>>> Hi Niranjan,
>>>>
>>>> On Mon, May 22, 2017 at 2:48 PM, Niranjan Karunanandham <
>>>> [email protected]> wrote:
>>>>
>>>>> Hi Dilan,
>>>>>
>>>>> On Fri, May 5, 2017 at 7:15 PM, Dilan Udara Ariyaratne <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Hi Folks,
>>>>>>
>>>>>> Following conceptions are still there regarding keystores used in
>>>>>> WSO2 products.
>>>>>>
>>>>>>    1. Primary KeyStore must contain only one private key. There can
>>>>>>    not be two private keys. (This is due to some issue in WSO2 products
>>>>>>    which may be fixed in future).
>>>>>>    2. Primary KeyStore must contain *same* password as KeyStore
>>>>>>    password and private key password. (This is due to some issue in WSO2
>>>>>>    products which may be fixed in future)
>>>>>>
>>>>>> Are these conceptions still valid or have these issues been already
>>>>>> fixed ?
>>>>>>
>>>>>
>>>>> In WSO2 Carbon there are multiple keystores. I believe the above
>>>>> keystore that you have mentioned is only the Keystore [1] in carbon.xml.
>>>>> In 4.4.x, this keystore is used for secure vault only.
>>>>>
>>>>
>>>> Aren't those secure vault configurations for keystores configured in
>>>> secret-conf.properties?
>>>>
>>>>> As you have mentioned, in 4.4.x, if secure vault is enabled, then at
>>>>> the server startup, it will ask for a single password which it uses for
>>>>> both the Keystore and private key password.
>>>>>
>>>>
>>>> In https://docs.wso2.com/display/ADMIN44x/Using+Asymmetric+Encryption,
>>>> it says that "You must have the same password for both keystore and
>>>> private key due to a Tomcat limitation"
>>>> and therefore, it seems not because of secure vault.
>>>>
>>>>
>>>>> IMO since this is only for secure vault, we can have the same
>>>>> password. In addition, AFAIK we can have multiple private keys here. In
>>>>> 4.4.x, the JKS for ssl has been moved to catalina-server.xml. Therefore a
>>>>> separate keystore can be maintained for this. These two configurations are
>>>>> mentioned in [2].
>>>>>
>>>>>> Thanks.
>>>>>> *Dilan U. Ariyaratne*
>>>>>> Senior Software Engineer
>>>>>> WSO2 Inc. <http://wso2.com/>
>>>>>> Mobile: +94766405580 <%2B94766405580>
>>>>>> lean . enterprise . middleware
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Dev mailing list
>>>>>> [email protected]
>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>
>>>>>>
>>>>> [1] -
>>>>>         <KeyStore>
>>>>>             <!-- Keystore file location-->
>>>>>             <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
>>>>>             <!-- Keystore type (JKS/PKCS12 etc.)-->
>>>>>             <Type>JKS</Type>
>>>>>             <!-- Keystore password-->
>>>>>             <Password>wso2carbon</Password>
>>>>>             <!-- Private Key alias-->
>>>>>             <KeyAlias>wso2carbon</KeyAlias>
>>>>>             <!-- Private Key password-->
>>>>>             <KeyPassword>wso2carbon</KeyPassword>
>>>>>         </KeyStore>
>>>>>
>>>>> [2] - https://docs.wso2.com/display/ADMIN44x/Configuring+Keystores+in+WSO2+Products
>>>>>
>>>>> Regards,
>>>>> Nira
>>>>>
>>>>> --
>>>>>
>>>>>
>>>>> *Niranjan Karunanandham*
>>>>> Associate Technical Lead - WSO2 Inc.
>>>>> WSO2 Inc.: http://www.wso2.com
>>>>>
>>>>>
>>>>
>>>
>>
>>
>> --
>>
>>
>> *Niranjan Karunanandham*
>> Associate Technical Lead - WSO2 Inc.
>> WSO2 Inc.: http://www.wso2.com
>>
>>
>
Regards,
Nira

-- 


*Niranjan Karunanandham*
Associate Technical Lead - WSO2 Inc.
WSO2 Inc.: http://www.wso2.com
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
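
Added example (not part of the thread and not WSO2 code): the first point in the original question, how many private keys a keystore holds, can be checked by listing the entries of a JKS file, since aliases and entry types are readable without the password. The function names and the sample keystore bytes are constructed for illustration; the layout parsed is the JDK's JKS format.

```python
import io
import struct

JKS_MAGIC = 0xFEEDFEED
KINDS = {1: "private-key", 2: "trusted-cert"}

def _utf(f):  # Java writeUTF string: 2-byte length, then the bytes
    (n,) = struct.unpack(">H", f.read(2))
    return f.read(n).decode("utf-8")

def _blob(f):  # 4-byte big-endian length, then that many bytes
    (n,) = struct.unpack(">I", f.read(4))
    return f.read(n)

def jks_entries(data):
    """Return [(alias, kind)]; aliases are stored in clear, no password needed."""
    f = io.BytesIO(data)
    magic, version, count = struct.unpack(">III", f.read(12))
    if magic != JKS_MAGIC or version not in (1, 2):
        raise ValueError("not a JKS keystore")
    out = []
    for _ in range(count):
        (tag,) = struct.unpack(">I", f.read(4))
        if tag not in KINDS:
            raise ValueError("unknown entry tag %d" % tag)
        alias = _utf(f)
        f.read(8)                  # creation timestamp
        ncerts = 1                 # a trusted-cert entry holds one certificate
        if tag == 1:
            _blob(f)               # encrypted private key, skipped
            (ncerts,) = struct.unpack(">I", f.read(4))  # chain length
        for _ in range(ncerts):
            if version == 2:
                _utf(f)            # certificate type, e.g. "X.509"
            _blob(f)               # encoded certificate
        out.append((alias, KINDS[tag]))
    return out

def private_key_aliases(data):
    return [a for a, kind in jks_entries(data) if kind == "private-key"]

# Constructed sample: dummy bytes stand in for key and certificate material.
def _s(t): return struct.pack(">H", len(t.encode())) + t.encode()
def _b(raw): return struct.pack(">I", len(raw)) + raw
def _entry(tag, alias):
    key = _b(b"\0" * 8) + struct.pack(">I", 1) if tag == 1 else b""
    return struct.pack(">I", tag) + _s(alias) + b"\0" * 8 + key + _s("X.509") + _b(b"\x30\x00")

SAMPLE = (struct.pack(">III", JKS_MAGIC, 2, 3) + _entry(1, "wso2carbon")
          + _entry(2, "ca") + _entry(1, "second") + b"\0" * 20)  # 20-byte digest slot
```

For a real file, pass its bytes to `private_key_aliases` (for example `open(path, "rb").read()`); a PKCS12 keystore is rejected with `ValueError`.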
