Re: svn commit: r1335268 - /ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java


Re: svn commit: r1335268 - /ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java

hans_bakker
Hi Adam,

Thanks for adding this feature, I would really love to use it. However, is
it possible to provide more info than the information below? As far as I
can see:

1. generate a kek text with the "./ant gen-kek" command
2. add this text to entity-engine.xml :
<delegator key-encrypting-key="$kekText"/>
(is that at the root level? not yet added to the xsd?)
3. add this text to the TenantKeyEncryptingKey entity for the related tenant
Does this affect the postgres datasource password?

Is this all? How about existing tenants? How can we use this feature for
that?

Thanks in advance for your help,

regards,
Hans

On 05/08/2012 04:27 AM, [hidden email] wrote:

> Author: doogie
> Date: Mon May  7 21:27:32 2012
> New Revision: 1335268
>
> URL: http://svn.apache.org/viewvc?rev=1335268&view=rev
> Log:
> FEATURE: Key-encrypting-key (kek) support is now enabled.  To enable
> support for this, run:
>
> java org.ofbiz.base.crypto.Main -kek
>
> and paste that value as a new attribute in entityengine.xml, <delegator
> key-encrypting-key="$kekText"/>.  Make certain to add that attribute to
> *all* delegators that share the same datasources.
>
> ps: That java command should really be added to build.xml.
>
> Modified:
>      ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java
>
> Modified: ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java?rev=1335268&r1=1335267&r2=1335268&view=diff
> ==============================================================================
> --- ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java (original)
> +++ ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java Mon May  7 21:27:32 2012
> @@ -63,7 +63,7 @@ public final class EntityCrypto {
>               throw new EntityCryptoException(e);
>           }
>           handlers = new StorageHandler[] {
> -            // new SaltedBase64StorageHandler(kek),
> +            new SaltedBase64StorageHandler(kek),
>               NormalHashStorageHandler,
>               OldFunnyHashStorageHandler,
>           };
>
>
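
Review bot: In the `handlers` array, `new SaltedBase64StorageHandler(kek)` is now constructed unconditionally and placed first, while the log message describes the key-encrypting-key attribute as something an administrator adds to opt in. Nothing in this hunk shows what happens when `kek` is unset, so either guard the entry or add a comment stating that the handler tolerates a missing key. A short comment on why this handler precedes `NormalHashStorageHandler` and `OldFunnyHashStorageHandler` (the array order presumably decides which handler is tried first) would also help anyone with data already written by the other two.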


Re: svn commit: r1335268 - /ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java

Jacques Le Roux
Administrator
I'd be interested in some comments here also :)

Jacques

Hans Bakker wrote:

> Hi Adam,
>
> Thanks for adding this feature, I would really love to use it. However, is
> it possible to provide more info than the information below? As far as I
> can see:
>
> 1. generate a kek text with the "./ant gen-kek" command
> 2. add this text to entity-engine.xml :
> <delegator key-encrypting-key="$kekText"/>
> (is that at the root level? not yet added to the xsd?)
> 3. add this text to the TenantKeyEncryptingKey entity for the related tenant
> Does this affect the postgres datasource password?
>
> Is this all? How about existing tenants? How can we use this feature for
> that?
>
> Thanks in advance for your help,
>
> regards,
> Hans
>
> On 05/08/2012 04:27 AM, [hidden email] wrote:
>> Author: doogie
>> Date: Mon May  7 21:27:32 2012
>> New Revision: 1335268
>>
>> URL: http://svn.apache.org/viewvc?rev=1335268&view=rev
>> Log:
>> FEATURE: Key-encrypting-key (kek) support is now enabled.  To enable
>> support for this, run:
>>
>> java org.ofbiz.base.crypto.Main -kek
>>
>> and paste that value as a new attribute in entityengine.xml, <delegator
>> key-encrypting-key="$kekText"/>.  Make certain to add that attribute to
>> *all* delegators that share the same datasources.
>>
>> ps: That java command should really be added to build.xml.
>>
>> Modified:
>>      ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java
>>
>> Modified: ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java
>> URL:
>> http://svn.apache.org/viewvc/ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java?rev=1335268&r1=1335267&r2=1335268&view=diff
>> ============================================================================== ---
>> ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java (original) +++
>> ofbiz/trunk/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java Mon May  7 21:27:32 2012 @@ -63,7 +63,7 @@ public final
>>               class EntityCrypto { throw new EntityCryptoException(e);
>>           }
>>           handlers = new StorageHandler[] {
>> -            // new SaltedBase64StorageHandler(kek),
>> +            new SaltedBase64StorageHandler(kek),
>>               NormalHashStorageHandler,
>>               OldFunnyHashStorageHandler,
>>           };
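
Review bot: The only file listed as modified is EntityCrypto.java, yet the log asks administrators to add a `key-encrypting-key` attribute to every delegator sharing a datasource and notes that the generator command "should really be added to build.xml". Enabling the entry in `handlers` without the schema definition for the new attribute and without the build target leaves the feature switched on but undocumented, which is what the questions in this thread run into. Consider adding both in the same change or a direct follow-up, along with a note on how values already stored through `NormalHashStorageHandler` or `OldFunnyHashStorageHandler` are treated once a key is configured.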