Protecting property files

Help
2013-12-06
2014-03-24
  • Hello.

    From security's point of view, it is desirable to protect property files since some of them includes password(s).
    Do you have any plan to support something like "Encryption" scheme for the property files?

    Regards,
    Koichi Sugimoto.

     
  • Hi Koichi,

    Password in property files can be protected, or promped for instead of entered in clear. See http://ejbca.org/security.html.

    Cheers,
    Tomas

     
  • Hello Tomas,

    Thanks.

    Regards,
    Koichi Sugimoto.

     
  • Todor Todorov
    Todor Todorov
    2014-03-24

    The link "http://ejbca.org/adminguide.html#Auto-activation%20of%20CA%20tokens" seems to be broken.
    I guess, the passwords can be encrypted with "ejbca.sh encryptpwd", where you enter your password and the script will return it encrypted.
    However, my concern is how should I substitute the passwords in the "*.properties" files with the encrypted ones?
    I guess there should be some additional parameter which will tell to EJBCA that the password assigned to a particular parameter is an encrypted one and it will have to decrypt it first before using it.

    For example, in WebLogic the encrypted passwords begin with the encryption algorithm - {AES}<encrypted password="">.