Wiki Navigation

Start Page > DevDocs > Encryption

Passwords and Encryption

Overview

Passwords are needed for external subscriptions. Either we ask every time or we store them somewhere on the server. Asking every time doesn't work as a subscription might affect freebusy and that is checked by other users.

Currently passwords are encrypted and stored in the BwCalendar object.

En/Decryption is carried out by a module which implements the PwEncryptionIntf interface and is obtained by a call on !svc.getEncrypter()

Currently a class name is built into svc. This could be a configurable property.

The currently used class is

This requires a configuration section in the options.xml file. The distrubuted version is

          <default-pwencrypt classname="org.bedework.calfacade.security.DefaultPwEncryptionConfig">
            <privKeys>@QUICKSTART_DIR@/data/bedework/privkeys</privKeys>
            <pubKeys>@QUICKSTART_DIR@/data/bedework/pubkeys</pubKeys>

            <debug>true</debug>
            <verbose>true</verbose>
          </default-pwencrypt>

We have 2 directories, one storing the private keys and one the public.

If these keys are lost or changed all stored passwords become invalid. Each file contains 1 or more keys numbered from 0 to n - 1.

Encrypted passwords are stored in the form

<n>{<chars>}

where n is the number of the key and chars is the base 64 encoded encryption.

Appending a new key pair will result in the system using the latest pair for all encodings. Old keys will continue to be used.

Encryption package

Most of the work is done by the pki class in rpiUtil - edu.rpi.cmt.security.pki. There are 2 classes, one, PkiUtil?, is a utility which droves the other and can be used to generate private/public keys. The other, PKITools, does the real work.

Creating a set of keys. This will become a runnable utility of some form.

cd into rpiUtil/dist.

mkdir bedework

The following all goes on one line

java -cp rpiutil-3.6.jar:../lib/commons-codec-1.3.jar:../lib/log4j-1.2.8.jar:../../bwtools/resources/ edu.rpi.cmt.security.pki.PkiUtil -genkeys -privkey bedework/privkeys -pubkey bedework/pubkeys

The utility will generate keys and then test them by encrypting and decrypting a string. If all goes well there is now a set of keys in directory bedework. Copy that directory into the quickstart data directory.

Other useful options are:

-nappend - do not append to key files - just overwrite - DANGEROUS - will invalidate all your stored passwords.

Download in other formats:

Plain Text