3 Replies Latest reply on Dec 5, 2004 10:11 PM by Scott Stark

    Securing Encryption Keys.

    cfrostrun Newbie

      is there a way for jboss to prompt the user for input during the app server startup process? via a jmx mbean?

      i'd like some thoughts around this.

      i'd like to pass in the username/password for a keystore to get some encryption keys. i want it to be entered in as standard input through a command shell for security reasons.

      thanks for any thoughts,

      c

        • 2. Re: Securing Encryption Keys.
          cfrostrun Newbie

          Scott,

          i believe this is what i'm looking for, but i'm not quite sure what/where to implement, and what file configurations (conf/xml's) will need to be made for the implementation. can you provide any other pointers?

          thanks,

          c

          • 3. Re: Securing Encryption Keys.
            Scott Stark Master

            Check out the testsuite in the source download. It has examples of using the JaasSecurityDomain for encryption in the src/resources/security dir:

            <?xml version="1.0" encoding="UTF-8"?>

            <server>
               <!-- Test a plaintext password -->
               <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
                  name="jboss.security:service=JaasSecurityDomain,domain=encode-decode">
                  <constructor>
                     <arg type="java.lang.String" value="encode-decode"/>
                  </constructor>
                  <attribute name="KeyStorePass">unit-tests</attribute>
                  <attribute name="Salt">abcdefgh</attribute>
                  <attribute name="IterationCount">13</attribute>
               </mbean>

               <!-- Test a password obtained from a class using a tmp file -->
               <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
                  name="jboss.security:service=JaasSecurityDomain,domain=testTmpFilePassword">
                  <constructor>
                     <arg type="java.lang.String" value="testTmpFilePassword"/>
                  </constructor>
                  <attribute name="KeyStorePass">{CLASS}org.jboss.security.plugins.TmpFilePassword:${java.io.tmpdir}/tmp.password</attribute>
                  <attribute name="Salt">abcdefgh</attribute>
                  <attribute name="IterationCount">13</attribute>
               </mbean>

               <!-- Test a password obtained from a class using an opaqued file -->
               <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
                  name="jboss.security:service=JaasSecurityDomain,domain=testFilePassword">
                  <constructor>
                     <arg type="java.lang.String" value="testFilePassword"/>
                  </constructor>
                  <attribute name="KeyStorePass">{CLASS}org.jboss.security.plugins.FilePassword:${java.io.tmpdir}/tst.password</attribute>
                  <attribute name="Salt">abcdefgh</attribute>
                  <attribute name="IterationCount">13</attribute>
               </mbean>

            </server>
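
Added example (not part of the thread and not JBoss code): a password class in the same shape as the `{CLASS}` entries above that prompts on the console at startup, which is what the original question asks for. The class and package names are hypothetical, and it assumes the `{CLASS}classname:ctorarg` loader passes the text after the colon to a `String` constructor and reads the password through a `char[] toCharArray()` method.

```java
package com.example.security; // hypothetical package, not part of JBoss

import java.io.Console;
import java.util.Arrays;

/**
 * Hypothetical password source for a KeyStorePass attribute such as
 *   {CLASS}com.example.security.ConsolePassword:keystore password
 * Assumed contract: the text after ':' is passed to the String constructor
 * and the password is obtained by calling toCharArray().
 * Requires Java 6 or later for java.io.Console.
 */
public class ConsolePassword {
    private final String prompt;

    public ConsolePassword() {
        this("keystore password");
    }

    public ConsolePassword(String prompt) {
        this.prompt = prompt;
    }

    public char[] toCharArray() {
        // System.console() is null when the server runs as a service or with
        // redirected stdin; fail closed instead of falling back to a default.
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException(
                "No interactive console; cannot prompt for " + prompt);
        }
        // readPassword disables echo and returns char[] so the value never
        // becomes an immutable String.
        char[] password = console.readPassword("%s: ", prompt);
        if (password == null || password.length == 0) {
            throw new IllegalStateException("Empty " + prompt);
        }
        return password;
    }

    // Stand-alone check from a terminal; prints only the length read.
    public static void main(String[] args) {
        char[] pw = new ConsolePassword("test prompt").toCharArray();
        System.out.println("read " + pw.length + " characters");
        Arrays.fill(pw, '\0'); // wipe the copy once it is no longer needed
    }
}
```

With this approach the password never sits in the service XML or in a file on disk, but the server can then only be started from an interactive shell.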