[
https://issues.apache.org/jira/browse/FINERACT-1034?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17292483#comment-17292483
]
Aleksandar Vidakovic commented on FINERACT-1034:
------------------------------------------------
[~fynmanoj] is this still being worked on? From what I understood in the
description: I think this is covered by the fact that we always send data over
HTTPS. Encrypting pieces of information inside of an encrypted channel (HTTPS)
doesn't yield "more security", because it's "twice encrypted". In the end
what you are describing is a bit like OAuth access tokens (concerning the
timeouts). Speaking from my own experience in implementing such a feature: you'll
see that once in production you'll probably need to relax the timeouts
considerably, because the parties (clients) involved have out of tune system
clocks. I used this approach with a REST API where the authentication was done
with an API key that was encrypted with a validity timeout. In the end I had to
relax the timeouts in the range of minutes, because the integration partner was
unable to tune his clocks.
I'd suggest closing this issue if there's no further activity here.
> RSA Encryption
> --------------
>
> Key: FINERACT-1034
> URL: https://issues.apache.org/jira/browse/FINERACT-1034
> Project: Apache Fineract
> Issue Type: Improvement
> Reporter: Manoj
> Assignee: Manoj
> Priority: Minor
> Fix For: 1.5.0
>
>
> Add RSA key generation API and decryption infra for requests that require
> encryption from source such as biometric, authentication, etc. Also create a
> self-expiring keystore
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
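
The clock-skew effect described in the comment above, as an added example that is not code from the comment's author or from Fineract. It assumes a client-stamped API key protected with an HMAC signature (swapped in for the encryption the comment mentions, to stay within the standard library); `issue_token`, `verify_token`, `SECRET` and all timestamps are hypothetical, constructed values.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed value, not a real key


def _sign(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(api_key: str, client_now: int) -> str:
    """Client side: stamp the API key with the client's own clock and sign it."""
    payload = f"{api_key}|{client_now}"
    return f"{payload}|{_sign(payload)}"


def verify_token(token: str, server_now: int, validity: int, leeway: int = 0) -> str:
    """Server side: return 'ok' or the reason for rejection.

    validity: seconds a token is meant to live.
    leeway:   extra seconds tolerated on both sides for clock skew.
    """
    try:
        api_key, issued_raw, tag = token.split("|")
        issued = int(issued_raw)
    except ValueError:
        return "malformed"
    # Check integrity first, in constant time, before trusting the timestamp.
    expected = _sign(f"{api_key}|{issued_raw}")
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return "bad-signature"
    if issued > server_now + leeway:
        return "not-yet-valid"  # client clock runs ahead of the server
    if server_now > issued + validity + leeway:
        return "expired"        # client clock runs behind, or token is old
    return "ok"


if __name__ == "__main__":
    server_now = 1_700_000_000               # constructed server time
    slow = issue_token("partner-key", server_now - 90)   # client 90 s behind
    fast = issue_token("partner-key", server_now + 45)   # client 45 s ahead
    for name, tok in (("slow", slow), ("fast", fast)):
        print(name, verify_token(tok, server_now, validity=30),
              verify_token(tok, server_now, validity=30, leeway=120))
```

The leeway that makes skewed clients work also lengthens how long a captured token stays acceptable: with `validity=30` and `leeway=120`, a token from an accurate client is still accepted 150 seconds after issue.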