[
https://issues.apache.org/jira/browse/FINERACT-1034?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17135183#comment-17135183
]
Michael Vorburger commented on FINERACT-1034:
---------------------------------------------
> I have encountered some instances where the request body in an API need to be
> encrypted from the source. (An Example for this is can be a guideline on
> `Authentication api` to encrypt username and password right from the source).
Is the main goal here to encrypt "in transit" (so to protect from eavesdropping
on the network) or "at rest" (to protect someone obtaining the database) ? For
the former, one could argue that HTTPS (which Fineract enforces) already
provides that. I'm concerned that requiring e.g. Web UI and App clients of the
Authentication API to encrypt username and password will add significant
complexity to such clients.
I don't want to be PITA (and want to encourage you [~fynmanoj] to contribute
more! and I'm concerned that "pushing back" here could be misinterpreted as the
project not welcoming contributions... we would love to see more from you!),
but I have to admit that I still don't really get the point of this feature.
> The decryption method is added to the PR
Perhaps seeing a real world example usage of the decryption method would help
the project's current maintainers better understand its value.
[~ptuomola] and [~awasum] FYI.
> RSA Encryption
> --------------
>
> Key: FINERACT-1034
> URL: https://issues.apache.org/jira/browse/FINERACT-1034
> Project: Apache Fineract
> Issue Type: Improvement
> Reporter: Manoj
> Assignee: Manoj
> Priority: Minor
> Fix For: 1.4.0
>
>
> Add RSA key generation API and decryption infra for requests that require
> encryption from source such as biometric, authentication etc.. Also create a
> self expiring keystore
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
