When setting PIN in pkcs11cryptotoken properties, PIN is stored in cleartext in database.
When using auto-activation in EJBCA, PIN is protected at least with obfuscation.
Is there a way how to do it in SignServer also?
It should use the same cesecore common libraries...
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
You are right, as we are using CESeCore underneath the HSM password can be stored in an obfuscated form and it will be deobfuscated before being used to login to the HSM.
However, we don't have any automatic way of creating the obfuscated password. What you can do is to obtain the obfuscated password using the EJBCA CLI command "encryptpwd".
As I understand it, the purpose of the obfuscation is to create a longer and random looking password so that anyone happening to view the configuration would not immediately see the password.
I guess an alternative would be to change so that we don't display the password provided at all in the GUI. That would need some special handling of the PIN (or KEYSTOREPASSWORD) properties.
Cheers,
Markus
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
That is true, but obfuscated is better than clertext when storing.
I have created custom admin CLI which includes auto-activation flag and in case it is true, then obfuscated PIN is stored using CESeCore methods.
Maybe this can be a good for future release of SignServer, especially when it is shown in AdminGUI.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
When setting PIN in pkcs11cryptotoken properties, PIN is stored in cleartext in database.
When using auto-activation in EJBCA, PIN is protected at least with obfuscation.
Is there a way how to do it in SignServer also?
It should use the same cesecore common libraries...
Hi Roman,
You are right, as we are using CESeCore underneath the HSM password can be stored in an obfuscated form and it will be deobfuscated before being used to login to the HSM.
However, we don't have any automatic way of creating the obfuscated password. What you can do is to obtain the obfuscated password using the EJBCA CLI command "encryptpwd".
As I understand it, the purpose of the obfuscation is to create a longer and random looking password so that anyone happening to view the configuration would not immediately see the password.
I guess an alternative would be to change so that we don't display the password provided at all in the GUI. That would need some special handling of the PIN (or KEYSTOREPASSWORD) properties.
Cheers,
Markus
Dear Markus,
That is true, but obfuscated is better than clertext when storing.
I have created custom admin CLI which includes auto-activation flag and in case it is true, then obfuscated PIN is stored using CESeCore methods.
Maybe this can be a good for future release of SignServer, especially when it is shown in AdminGUI.
Hi Roman,
Sounds interesting, feel free to provide a patch and we can discuss if/how we could integrate it.
Cheers,
Markus