Clement,

Thanks for the answer.

But the key file that is randomly generated by the java method
"org.lsc.utils.security.SymmetricEncryption" has a size of 24 bytes. Is
this size mandatory? Does it mean that I must choose a passphrase with
a length of 24 characters? Or does it mean that, in the "lsc.key", only
the first 16 bytes are useful and that the 8 other bytes are padding?

I ask this, because I thought that the length of the passphrase for an
AES 128-bit symmetrical encryption was 16 bytes, and because I tried
your suggestion before asking the mailing list (with a 16-byte lsc.key
file), and that the result of the encryption by the LSC task has not been
the same as the result obtained by the OpenLDAP people with a Perl
script and some CPAN Crypt add-ons.

To resume, let's say that before saying to the OpenLDAP people that they
probably have made a mistake, I must be certain that the mistake does
not come from me ;-)))

Regards
Eric

On 29/10/2014 15:49, Clément OUDOT wrote:
> 2014-10-29 15:45 GMT+01:00 Eric Cassette <[email protected]>:
>
>> Hello lsc-users,
>>
>> I need to synchronize an OpenLDAP Directory to a MS
>> Active-Directory (It's never too late for that ;-)), and I choose
>> LSC to do that.
>>
>> After the reading of the archives of this mailing-list (many
>> thanks to all the contributors), I have been able to define the
>> tasks to synchronize the users and the groups.
>>
>> Now, I am testing the symmetric encryption of an attribute (guess
>> which attribute ;-))...
>>
>> Following
>> http://lsc-project.org/wiki/documentation/latest/configuration/syncoptions/security,
>> I have generated a random key file ("lsc.key") for the default
>> AES-128 bits encryption, and played successfully with the
>> "SecurityUtils.encrypt" and "SecurityUtils.decrypt" functions.
>>
>> Now, I need to share the secret key with the people that manage
>> the OpenLdap directory, but I don't know how to retrieve this
>> information from the content of the "lsc.key" file?
>>
>> I thought that the content of the key file was the 128 bits value
>> of the secret key, but the size of the file is 24 bytes (192
>> bits)... So, I am lost.
>>
>> Another solution could be to share a secret key chosen by the
>> OpenLDAP team, but, in that case, how to create the correct
>> lsc.key file?
>
> Hi Eric,
>
> you can also use an ASCII lsc.key file, just set a passphrase into it
> with a standard editor. This passphrase can be communicated to trusted
> people.
>
> Clément.

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
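
Added example, not part of the original thread and not LSC code: a 24-byte key file can be read either as a raw 192-bit AES key or as the Base64 text of a 16-byte (128-bit) key, so a first check when two tools produce different ciphertexts is how each one interprets the file. Whether LSC writes `lsc.key` Base64-encoded is an assumption here, not something the thread states; the function name and the sample contents are constructed for illustration.

```python
import base64
import binascii

# Valid AES key lengths in bytes, mapped to the key size in bits.
AES_KEY_BITS = {16: 128, 24: 192, 32: 256}


def interpret_key_file(content: bytes) -> dict:
    """Report the ways a key file's bytes could be read as an AES key."""
    data = content.strip()  # editors often append a trailing newline
    result = {
        "file_bytes": len(data),
        # Key size if the bytes are used as-is (None if not a valid AES length).
        "raw_aes_bits": AES_KEY_BITS.get(len(data)),
        "base64_decoded_bytes": None,
        "base64_aes_bits": None,
        "printable_ascii": all(0x20 <= b < 0x7F for b in data),
    }
    try:
        # validate=True rejects anything outside the Base64 alphabet.
        decoded = base64.b64decode(data, validate=True)
    except (binascii.Error, ValueError):
        return result  # not Base64: only the raw reading applies
    result["base64_decoded_bytes"] = len(decoded)
    result["base64_aes_bits"] = AES_KEY_BITS.get(len(decoded))
    return result


# Constructed samples (not real keys, not taken from the thread).
SAMPLE_KEY = bytes(range(16))                           # 16 raw key bytes
SAMPLE_B64_FILE = base64.b64encode(SAMPLE_KEY) + b"\n"  # 24 characters of text
SAMPLE_PASSPHRASE_FILE = b"sixteen byte pw!\n"          # 16 ASCII characters

if __name__ == "__main__":
    for name, blob in [("base64 file", SAMPLE_B64_FILE),
                       ("passphrase file", SAMPLE_PASSPHRASE_FILE)]:
        print(name, interpret_key_file(blob))
```

If both readings come back as valid key sizes, the two sides need to agree explicitly on which one is in use before comparing encrypted output.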