DOCU-2769

New config property to set cipher


Details

    • Task
    • Resolution: Done

    Description

      Cf: MAGNOLIA-8941

      For both 6.2.37 and 6.3

      Notes from discussion with Evzen:

      The cipher should only be used for data transfer and not for data storage.

      If you change the cipher, you lose any passwords created in Password Manager and the LDAP connector, and potentially in other places in your custom code if you used it for data storage purposes. You must re-instantiate them with the new cipher.

      The same cipher should be set on both public and author instances.

      Define in default magnolia.properties or in the properties files for different instances.

      If not specified, fallback is RSA.

      OOTB for new bundles, OAEPWithSHA3-256AndMGF1Padding is used.

      In magnolia-empty-webapp/src/main/webapp/WEB-INF/config/default/magnolia.properties:

      # Algorithm for data transfer encryption/decryption https://www.bouncycastle.org/specifications.html
      magnolia.cipher.algorithm=RSA/NONE/OAEPWithSHA3-256AndMGF1Padding

      All instances MUST be set to the same cipher algorithm; it is strongly suggested to upgrade all instances at once.

      If there is a difference in time (or space) between data encryption and decryption, this exception will be thrown:

      catch (IllegalBlockSizeException | BadPaddingException e) {
          throw new SecurityException("Failed to decrypt message. It might have been corrupted during transport.", e);
      } 
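
An added example, not part of the ticket or of Magnolia's code: a check that every instance resolves to the same effective value of magnolia.cipher.algorithm, applying the RSA fallback when the property is absent or commented out. The instance names and file contents are constructed, and treating an empty value as "not specified" is an assumption.

```python
import re
from collections import defaultdict

PROPERTY = "magnolia.cipher.algorithm"
FALLBACK = "RSA"  # per the notes above: used when the property is not specified

# key, then '=' or ':', then value (the common subset of .properties syntax)
_LINE = re.compile(r"^([^=:\s]+)\s*[=:]\s*(.*)$")


def effective_cipher(properties_text):
    """Return the cipher algorithm one instance will actually use."""
    value = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):  # blank line or comment
            continue
        match = _LINE.match(line)
        if match and match.group(1) == PROPERTY:
            # Last definition wins, as with java.util.Properties.
            # Assumption: an empty value counts as "not specified".
            value = match.group(2).strip() or None
    return value or FALLBACK


def check_instances(instances):
    """Group instance names by effective cipher; consistent if one group."""
    groups = defaultdict(list)
    for name, text in instances.items():
        groups[effective_cipher(text)].append(name)
    return len(groups) == 1, dict(groups)


# Constructed sample files (not taken from a real deployment).
SAMPLE = {
    "author": "# Algorithm for data transfer encryption/decryption\n"
              "magnolia.cipher.algorithm=RSA/NONE/OAEPWithSHA3-256AndMGF1Padding\n",
    "public-1": "example.other.property=true\n",  # upgraded, property absent
    "public-2": "#magnolia.cipher.algorithm=RSA/NONE/OAEPWithSHA3-256AndMGF1Padding\n",
}

if __name__ == "__main__":
    ok, groups = check_instances(SAMPLE)
    for algorithm, names in groups.items():
        print(f"{algorithm}: {', '.join(names)}")
    print("consistent" if ok else "MISMATCH: set the same algorithm on all instances")
```

With the sample input, the author instance uses the OAEP setting while both public instances silently fall back to RSA, which is the mismatch the notes warn about.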


              People

                jlegendre Julie Legendre