Le 18/03/2020 à 19:12, pratyush Giri a écrit :
Forst, I thought I have posted it to the User ML, and if it reached somewhere
else, I apologize.
Please read my email. It's not that you did not post to the user ML, but that
you are not subscribed.
This time you sent a message directly to me, please don't.
Again: SUBSCRIBE to the user ML as explained below, and more in the provided
I have a few entities which I have created for a plugin and these entities have columns
in the entities where encrypt="true".
With this, I have tested that when I save some data to these fields, they are
encrypted (used a select in SQL to verify). In my seed data, I have
also added a Keystore entry with a key and a key text. I do not do anything
fancy, just set the entity attributed and then save them.
This means that Ofbiz is using some keys to encrypt the columns. Then when I
went into my entity reference and checked the Key Store entries, along
with my key I see a bunch of other keys and key text. Please note that I did a
clean all followed by a loadProdData ( no demo data in my instance).
1. Where are these other keys coming from?
OOTB there are some encrypted fields, eg in accounting-entitymodel.xml. The
"other" keys are coming from there.
2. Which key was used to encrypt these columns?
Have a look at EntityCrypto class to get more information about fields
3. For security reasons, I would like to rotate keys (say annually). How do I
do that? I see EntityDataServices has these following 2 services. is
that what needs to be done?
<service name="reencryptPrivateKeys" engine="java" auth="true"
location="org.apache.ofbiz.entityext.data.EntityDataServices" invoke="reencryptPrivateKeys"> <description>Re-encrypt the private keys, encrypted in EntityKeyStore with oldKey,
using the newKey.</description> <attribute name="oldKey" type="String" mode="IN" optional="true"/> <attribute name="newKey"
type="String" mode="IN" optional="true"/>
</service> <service name="reencryptFields" engine="java" auth="true"
location="org.apache.ofbiz.entityext.data.EntityDataServices" invoke="reencryptFields"> <description>Re-encrypt all the encrypted fields in the
data model.</description> <attribute name="groupName" type="String" mode="IN" optional="true"
Overall, it would be a good idea to understand these and looking for if someone
has the knowledge or understanding around these.
Any suggestions are greatly appreciated.
You may indeed use these (not used OOTB) services to rotate keys
On Wed, Mar 18, 2020 at 12:30 AM Jacques Le Roux <jacques.le.r...@les7arts.com
Your message has been moderated.
Please subscribe to the user ML for such questions and then use your email
See why here http://ofbiz.apache.org/mailing-lists.html.
You will get a better support, people can answer you on the ML.
The wider the audience the better the answers you might get.
Also it's more work for moderators who have to accept your messages as
long as you have not subscribed.
I'll personally no longer accept them (other moderators still could).
This said, in what context do you use encryption keys? Can you refer to a
code section or something?
Le 18/03/2020 à 07:30, pratyush Giri a écrit :
> Hi All,
> I am looking to understand on my production system
> 1. How and where I can configure encryption keys.
> 2. If I need to rotate the encryption keys, what is the process to do so?
> Thank you in advance.