Describe the bug
A clear and concise description of what the bug is.
Currently, Liberty allows adding custom AES encryption key by including this config in server.xml. It is admin's responsibility to protect this file on the file system. But it would be good to have some way to protect this key instead of clear text. At minimum base 64 encoding the clear text. I tried and it does not seem like that Liberty is able to handle the encoded key, it seems to take this as literal key.
This is how we define the key and include this file in server.xml:
Result of this, there are exceptions and It is not able to handle the DB2 authentication passwords encrypted with svtmstkey
If there is a stack trace, please include the FULL stack trace (without any [internal classes] lines in it). To find the full stack trace, you may need to check in $WLP_OUTPUT_DIR/messages.log
Steps to Reproduce
Steps to reproduce the bug
Steps described above.
Expected behavior
A clear and concise description of what you expected to happen.
Diagnostic information:
OpenLiberty Version: [e.g. 21.0.0.8 - 21.0.0.10]
Affected feature(s) [e.g. mpHealth-3.0]
Java Version: [i.e. full output of java -version]
server.xml configuration (WITHOUT sensitive information like passwords)
If it would be useful, upload the messages.log file found in $WLP_OUTPUT_DIR/messages.log
Liberty version 24.0.0.8
Eclipse OpenJ9 VM, version 17.0.8.1+1 (en_US)
Additional context
Add any other context about the problem here.
Hi Monica, thank you for raising this. I agree, I think there is value in allowing the encryption key value to be encoded. I will raise this as part of an upcoming feature.
Describe the bug
A clear and concise description of what the bug is.
Currently, Liberty allows adding custom AES encryption key by including this config in server.xml. It is admin's responsibility to protect this file on the file system. But it would be good to have some way to protect this key instead of clear text. At minimum base 64 encoding the clear text. I tried and it does not seem like that Liberty is able to handle the encoded key, it seems to take this as literal key.
This is how we define the key and include this file in server.xml:
I tried to encode the above key and replace the encoded key:
/root/liberty/ee11/wlp/bin/securityUtility encode svtmstkey {xor}LCkrMiwrNDom
Result of this, there are exceptions and It is not able to handle the DB2 authentication passwords encrypted with
svtmstkey
If there is a stack trace, please include the FULL stack trace (without any
[internal classes]
lines in it). To find the full stack trace, you may need to check in$WLP_OUTPUT_DIR/messages.log
Steps to Reproduce
Steps to reproduce the bug
Steps described above.
Expected behavior
A clear and concise description of what you expected to happen.
Diagnostic information:
java -version
]$WLP_OUTPUT_DIR/messages.log
Liberty version 24.0.0.8 Eclipse OpenJ9 VM, version 17.0.8.1+1 (en_US)
Additional context
Add any other context about the problem here.
AESDecryptionError.log