Version 8

    This article will describe the strategies/design for both password masking and encryption.

    Objective

    The configuration/domain model needs one or more passwords. We do not want to specify the passwords in clear text.

    JBoss AS 7 will provide options for both masking and encryption.

     

    Methods

    There are 2 methods available to specify passwords without clear text visibility.

    1. Password based encryption (aka Masking)
    2. Password Encryption using AES, 3DES etc

     

    Password Based Encryption (PBE) provides security by obscurity. It only masks the password and does not provide foolproof security.

    Password Encryption using AES or 3DES provides industry strength encryption.

    Challenges

    PBE uses the following:

    1. Salt
    2. Iteration Count
    3. Password to mask

     

    Encryption uses the following:

    1. Cipher Text (password in this case)
    2. Secret Key
    3. Encryption Type (AES or 3DES)
    4. Key Size

     

    Encryption uses a secret key to encrypt the password. To decrypt the password, you need the secret key.

     

    The biggest challenge is going to be managing the secret key.
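
    The two methods side by side, as an added example (not JBoss AS 7 code): the JDK's PBEWithMD5AndDES and AES/GCM are assumed stand-ins for the algorithms this article leaves open, and the class name, passphrase, salt and iteration count are constructed. Both paths depend on a value the server must hold, which is why key management is the hard part.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Added example: class name, sample values and algorithm choices are assumptions.
public class MaskVsEncrypt {
    // Method 1, PBE masking. Inputs: salt, iteration count, password to mask,
    // plus a masking passphrase that the server must also be able to obtain.
    static byte[] pbe(int mode, char[] maskKey, byte[] salt, int iterations, byte[] data)
            throws Exception {
        SecretKey key = SecretKeyFactory.getInstance("PBEWithMD5AndDES")
                .generateSecret(new PBEKeySpec(maskKey));
        Cipher c = Cipher.getInstance("PBEWithMD5AndDES");
        c.init(mode, key, new PBEParameterSpec(salt, iterations));
        return c.doFinal(data);
    }

    // Method 2, encryption. Inputs: secret key, encryption type (AES here), key size.
    static byte[] aes(int mode, SecretKey key, byte[] iv, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, iv));
        return c.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        byte[] password = "constructed-db-password".getBytes(StandardCharsets.UTF_8);

        // Salt and iteration count are parameters, not secrets.
        byte[] salt = "12345678".getBytes(StandardCharsets.UTF_8); // constructed, 8 bytes
        int iterations = 50;                                         // constructed
        char[] maskKey = "constructed-masking-key".toCharArray();
        byte[] masked = pbe(Cipher.ENCRYPT_MODE, maskKey, salt, iterations, password);
        byte[] unmasked = pbe(Cipher.DECRYPT_MODE, maskKey, salt, iterations, masked);
        // The mask is reversible by any holder of the same inputs: obscurity only.
        System.out.println("PBE round trip ok: " + Arrays.equals(password, unmasked));

        // AES: confidentiality rests on the secret key and how it is stored.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128); // key size in bits
        SecretKey secret = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv); // fresh IV per encryption
        byte[] cipherText = aes(Cipher.ENCRYPT_MODE, secret, iv, password);
        byte[] plain = aes(Cipher.DECRYPT_MODE, secret, iv, cipherText);
        System.out.println("AES round trip ok: " + Arrays.equals(password, plain));
    }
}
```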

     

     

    Key Distribution

    We need to secure the secret key in both strategies: PBE and encryption.

    The secret key is never in the open. 

     

    In the "standalone" mode, there is no issue. The administrator/user creates the secret key that is available to the AS.

    In the "domain" mode, if the administrator created the secret key, then he has to manually copy the secured secret key to all the instances in the domain. The reason is that we have not yet figured out the safety of replicating keys across a domain. Until we are satisfied, manual distribution it is.

     

    Strategy

    We need to provide pluggable settings such that

    • 3rd party security providers may provide the secret key used in the encryption/decryption, OR
    • Custom code can provide the password.

     

    Domain Model Settings

    (TBD)

    Note to Anil: 

    • The transaction module has a "relative to" setting that allows you to specify paths.
    • BrianS says:

     

    (11:12:06 AM) asaldhan: bstansberry: for the domain mode,  what is jboss.server.data.dir?    I only see data in standalone
    (11:14:06 AM) bstansberry: asaldhan: in domain mode, the servers, e.g. one named "server-one" would be in domain/servers/server-one
    (11:14:28 AM) bstansberry: jboss.server.data.dir would point to domain/servers/server-one/data
    (11:14:53 AM) asaldhan: bstansberry: got it. thx.