Re: [cas-user] Re: encryption and signing key generation

2018-09-14 Thread Curtis Ruck
typo in the key name.  It worked perfectly for me once I generated the
value with openssl instead of jwk-gen.jar

--
Curtis Ruck


On Fri, Sep 14, 2018 at 2:47 PM Zach Tackett wrote:

> I tried this and it still says
>
>  [cas.webflow.crypto.encryption.key]. CAS will attempt to auto-generate the
> encryption key>
>  generated key MUST be added to CAS settings under setting
> [cas.webflow.crypto.encryption.key].>
>
> Any hint as to why?
>
> On Thursday, September 13, 2018 at 10:03:02 AM UTC-4, William E. wrote:
>>
>> +1
>>
>> I ended up grabbing values from the cas startup logs and setting in my
>> cas.properties.  Seems to work.
>>
>>
>> On Wednesday, September 12, 2018 at 3:34:32 PM UTC-5, Curtis Ruck wrote:
>>>
>>> So I'm trying to automate the generation and persistence of the
>>> cas.tgc.crypto and cas.webflow.crypto encryption and signing keys.
>>>
>>> I'm using the jwk-gen.jar, and when I store the key in cas.properties,
>>> I end up with "Invalid AES key length: 43 bytes" when trying to access the
>>> login page.
>>>
>>>
>>> If I let CAS generate a key, it's the same exact string length (43
>>> bytes). What is different between my key versus CAS's generated keys? Then
>>> I'm extracting the k value from the JSON, and inserting it into my
>>> cas.properties.
>>>
>>> java -jar jwk-gen.jar -t oct 256 -o tgc-enc.jwks
>>> java -jar jwk-gen.jar -t oct 512 -o tgc-sig.jwks
>>> java -jar jwk-gen.jar -t oct 256 -o webflow-enc.jwks
>>> java -jar jwk-gen.jar -t oct 512 -o webflow-sig.jwks
>>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFgGLFfwAEyJP4pqxt%3DSk1sUSw6vrGk4jiMFwcW6w6%2BTevoQgg%40mail.gmail.com.


Re: [cas-user] Re: encryption and signing key generation

2018-09-13 Thread Curtis Ruck
I believe this is the detail that is missing.  I was following the 
https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties-Common.html#signing--encryption 
documentation.  Didn't see the line at webflow about "The encryption key 
must be randomly-generated string of size 16. The signing key is a JWK of 
size 512."

openssl rand -base64 16 > webflow-enc.txt

I had the -s, but lost it in the translation to google groups.

On Thursday, September 13, 2018 at 4:12:26 PM UTC-4, David Curry wrote:
>
> The encryption key for Spring Webflow (cas.webflow.crypto.encryption.key) 
> is not a JSON Web Key. It's a randomly-generated string of 16 octets, 
> Base64-encoded. You can generate it with OpenSSL:
>
> openssl rand -base64 16 > webflow-enc.txt
>
>
> Also, I believe you need a '-s' in front of the size argument for the 
> other three:
>
> java -jar jwk-gen.jar -t oct *-s* 256 -o tgc-enc.jwks
> java -jar jwk-gen.jar -t oct *-s* 512 -o tgc-sig.jwks
> java -jar jwk-gen.jar -t oct *-s* 512 -o webflow-sig.jwks
>
>
> --Dave
>
> P.S. - I'm guessing on the '-s' issue; I used the web-based version of 
> the key generator rather than the jar file.
>
>
> On Thu, Sep 13, 2018 at 4:01 PM Curtis Ruck wrote:
>
>> The problem is due to the chicken and egg issue.  I need to prepopulate 
>> the cas.properties, so the service can start up and work (without human 
>> intervention).  I'm trying my best to avoid having to start a service, 
>> parse the logs, and modify config, then restart the service.  The 
>> documentation seems very light on these keys.
>>
>> On Thursday, September 13, 2018 at 10:03:02 AM UTC-4, William E. wrote:
>>>
>>> +1
>>>
>>> I ended up grabbing values from the cas startup logs and setting in my 
>>> cas.properties.  Seems to work.
>>>
>>>
>>> On Wednesday, September 12, 2018 at 3:34:32 PM UTC-5, Curtis Ruck wrote:

 So I'm trying to automate the generation and persistence of the 
 cas.tgc.crypto and cas.webflow.crypto encryption and signing keys.

 I'm using the jwk-gen.jar, and when I store the key in cas.properties, 
 I end up with "Invalid AES key length: 43 bytes" when trying to access the 
 login page.


 If I let CAS generate a key, it's the same exact string length (43 
 bytes). What is different between my key versus CAS's generated keys? Then 
 I'm extracting the k value from the JSON, and inserting it into my 
 cas.properties.

 java -jar jwk-gen.jar -t oct 256 -o tgc-enc.jwks
 java -jar jwk-gen.jar -t oct 512 -o tgc-sig.jwks
 java -jar jwk-gen.jar -t oct 256 -o webflow-enc.jwks
 java -jar jwk-gen.jar -t oct 512 -o webflow-sig.jwks




Re: [cas-user] Re: encryption and signing key generation

2018-09-13 Thread David Curry
The encryption key for Spring Webflow (cas.webflow.crypto.encryption.key)
is not a JSON Web Key. It's a randomly-generated string of 16 octets,
Base64-encoded. You can generate it with OpenSSL:

openssl rand -base64 16 > webflow-enc.txt


Also, I believe you need a '-s' in front of the size argument for the other
three:

java -jar jwk-gen.jar -t oct *-s* 256 -o tgc-enc.jwks
java -jar jwk-gen.jar -t oct *-s* 512 -o tgc-sig.jwks
java -jar jwk-gen.jar -t oct *-s* 512 -o webflow-sig.jwks


--Dave

P.S. - I'm guessing on the '-s' issue; I used the web-based version of the
key generator rather than the jar file.

--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Thu, Sep 13, 2018 at 4:01 PM Curtis Ruck wrote:

> The problem is due to the chicken and egg issue.  I need to prepopulate
> the cas.properties, so the service can start up and work (without human
> intervention).  I'm trying my best to avoid having to start a service,
> parse the logs, and modify config, then restart the service.  The
> documentation seems very light on these keys.
>
> On Thursday, September 13, 2018 at 10:03:02 AM UTC-4, William E. wrote:
>>
>> +1
>>
>> I ended up grabbing values from the cas startup logs and setting in my
>> cas.properties.  Seems to work.
>>
>>
>> On Wednesday, September 12, 2018 at 3:34:32 PM UTC-5, Curtis Ruck wrote:
>>>
>>> So I'm trying to automate the generation and persistence of the
>>> cas.tgc.crypto and cas.webflow.crypto encryption and signing keys.
>>>
>>> I'm using the jwk-gen.jar, and when I store the key in cas.properties,
>>> I end up with "Invalid AES key length: 43 bytes" when trying to access the
>>> login page.
>>>
>>>
>>> If I let CAS generate a key, it's the same exact string length (43
>>> bytes). What is different between my key versus CAS's generated keys? Then
>>> I'm extracting the k value from the JSON, and inserting it into my
>>> cas.properties.
>>>
>>> java -jar jwk-gen.jar -t oct 256 -o tgc-enc.jwks
>>> java -jar jwk-gen.jar -t oct 512 -o tgc-sig.jwks
>>> java -jar jwk-gen.jar -t oct 256 -o webflow-enc.jwks
>>> java -jar jwk-gen.jar -t oct 512 -o webflow-sig.jwks
>>>



RE: [cas-user] Re: encryption and signing key generation

2018-09-13 Thread Doug Campbell
You might check out the server configuration section of the CAS deployment 
guide that David Curry has put together: 
https://dacurry-tns.github.io/deploying-apereo-cas/building_server_configure-server-properties.html
My guess is that there is a slight mistake in what you are currently doing 
and perhaps if you go through David's step-by-step it will show you what is off 
in your current approach.

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Curtis Ruck
Sent: Thursday, September 13, 2018 4:01 PM
To: CAS Community
Subject: [cas-user] Re: encryption and signing key generation

The problem is due to the chicken and egg issue.  I need to prepopulate the 
cas.properties, so the service can start up and work (without human 
intervention).  I'm trying my best to avoid having to start a service, parse 
the logs, and modify config, then restart the service.  The documentation seems 
very light on these keys.

On Thursday, September 13, 2018 at 10:03:02 AM UTC-4, William E. wrote:

+1

I ended up grabbing values from the cas startup logs and setting in my 
cas.properties.  Seems to work.

On Wednesday, September 12, 2018 at 3:34:32 PM UTC-5, Curtis Ruck wrote:

So I'm trying to automate the generation and persistence of the cas.tgc.crypto 
and cas.webflow.crypto encryption and signing keys.

I'm using the jwk-gen.jar, and when I store the key in cas.properties, I end up 
with "Invalid AES key length: 43 bytes" when trying to access the login page.

If I let CAS generate a key, it's the same exact string length (43 bytes). What 
is different between my key versus CAS's generated keys? Then I'm extracting 
the k value from the JSON, and inserting it into my cas.properties.

java -jar jwk-gen.jar -t oct 256 -o tgc-enc.jwks
java -jar jwk-gen.jar -t oct 512 -o tgc-sig.jwks
java -jar jwk-gen.jar -t oct 256 -o webflow-enc.jwks
java -jar jwk-gen.jar -t oct 512 -o webflow-sig.jwks
