Changing password

[rosemead]

Hi. Am I correct in my understanding that with this solution, changing a password requires decrypting and re-encrypting all encrypted data (because the key is generated from a single password, passed either through conf or a PBE web page?)

If so, is there some recommendation on supporting data-at-rest encryption in grails, while providing for changing of passwords?

Thanks!

[dtanner]

Hi, Unfortunately I don't know of a way to support key changes without having to re-encrypt the data; definitely not with jasypt yet. My experience with that requirement is to use key encrypting keys, but it wasn't with java libraries. It's not fun. I know some database providers (e.g. SQL Server) support transparent encryption, which I think also supports key-only changes. If you're on an Amazon infrastructure, you can also use EBS Encryption. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html

[rosemead]

Thanks!