mtamboli
commented
2 months ago @arkarkala @nstewart0206 @leochr
Open mtamboli opened 2 months ago
mtamboli
commented
2 months ago @arkarkala @nstewart0206 @leochr
Zech-Hein
commented
1 month ago Hi Monica, thank you for raising this. I agree, I think there is value in allowing the encryption key value to be encoded. I will raise this as part of an upcoming feature.
Describe the bug
A clear and concise description of what the bug is.
Currently, Liberty allows adding custom AES encryption key by including this config in server.xml. It is admin's responsibility to protect this file on the file system. But it would be good to have some way to protect this key instead of clear text. At minimum base 64 encoding the clear text. I tried and it does not seem like that Liberty is able to handle the encoded key, it seems to take this as literal key.
This is how we define the key and include this file in server.xml:
I tried to encode the above key and replace the encoded key:
/root/liberty/ee11/wlp/bin/securityUtility encode svtmstkey {xor}LCkrMiwrNDom
Result of this, there are exceptions and It is not able to handle the DB2 authentication passwords encrypted with
svtmstkeyIf there is a stack trace, please include the FULL stack trace (without any
[internal classes]lines in it). To find the full stack trace, you may need to check in$WLP_OUTPUT_DIR/messages.logSteps to Reproduce
Steps to reproduce the bug
Steps described above.
Expected behavior
A clear and concise description of what you expected to happen.
Diagnostic information:
java -version]$WLP_OUTPUT_DIR/messages.logLiberty version 24.0.0.8 Eclipse OpenJ9 VM, version 17.0.8.1+1 (en_US)
Additional context
Add any other context about the problem here.
AESDecryptionError.log