Details
- Task
- Resolution: Done
Description
Cf: MAGNOLIA-8941
For both 6.2.37 and 6.3
Notes from discussion with Evzen:
The cipher should only be used for data transfer, not for data storage.
If you change the cipher, you lose any passwords created in the password manager and the LDAP connector, and potentially in other places in your custom code if you used it for data storage purposes. You must re-instantiate them with the new cipher.
The same cipher should be set on both public and author instances.
Define it in the default magnolia.properties or in the properties files for the different instances.
If not specified, the fallback is RSA.
OOTB for new bundles, OAEPWithSHA3-256AndMGF1Padding is used.
In magnolia-empty-webapp/src/main/webapp/WEB-INF/config/default/magnolia.properties:

# Algorithm for data transfer encryption/decryption https://www.bouncycastle.org/specifications.html
magnolia.cipher.algorithm=RSA/NONE/OAEPWithSHA3-256AndMGF1Padding
All instances MUST be set to the same cipher algorithm; it is strongly suggested to upgrade all instances at once.
If the cipher in effect differs between the point of encryption and the point of decryption (over time, or between instances), this exception will be thrown:

catch (IllegalBlockSizeException | BadPaddingException e) {
    throw new SecurityException("Failed to decrypt message. It might have been corrupted during transport.", e);
}
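The mismatch described above, as an added stand-alone example (not Magnolia code and not from the ticket): one key pair is shared by both sides, the sender encrypts with the OOTB transformation from the ticket, and a receiver that still runs a different transformation fails OAEP decoding, which surfaces as BadPaddingException and is mapped to SecurityException exactly as in the catch block above. The mismatched transformation chosen here (OAEP with SHA-256 instead of SHA3-256) is an assumption picked because its failure is deterministic; the fallback RSA case fails the same way with overwhelming probability. It assumes the Bouncy Castle provider (bcprov) is on the classpath, since Magnolia resolves these transformation strings through it.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/**
 * Shows why every instance must run the same magnolia.cipher.algorithm:
 * same key pair, different transformation on the decrypting side, and the
 * OAEP integrity check fails with a BadPaddingException.
 * Illustrative code only; requires bcprov on the classpath (assumption).
 */
public class CipherMismatchDemo {

    /** Value shipped OOTB in new bundles (taken from the ticket). */
    static final String TRANSFER_CIPHER = "RSA/NONE/OAEPWithSHA3-256AndMGF1Padding";

    /** Hypothetical misconfigured peer: same key, different OAEP digest. */
    static final String MISMATCHED_CIPHER = "RSA/NONE/OAEPWithSHA-256AndMGF1Padding";

    static {
        // Register Bouncy Castle once so the transformation strings resolve.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /** Sending instance: encrypt with its configured transformation. */
    static byte[] encrypt(String algorithm, PublicKey key, byte[] plaintext)
            throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(plaintext);
    }

    /** Receiving instance: mirrors the ticket's catch block. */
    static byte[] decrypt(String algorithm, PrivateKey key, byte[] ciphertext)
            throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME);
        cipher.init(Cipher.DECRYPT_MODE, key);
        try {
            return cipher.doFinal(ciphertext);
        } catch (IllegalBlockSizeException | BadPaddingException e) {
            throw new SecurityException(
                "Failed to decrypt message. It might have been corrupted during transport.", e);
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Stands in for the key pair shared by the author and public instances.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair keyPair = generator.generateKeyPair();

        // Constructed sample payload; well under the OAEP size limit for a 2048-bit key.
        byte[] message = "activation payload (constructed sample)".getBytes(StandardCharsets.UTF_8);
        byte[] ciphertext = encrypt(TRANSFER_CIPHER, keyPair.getPublic(), message);

        // Both instances on the same cipher: the round trip succeeds.
        byte[] recovered = decrypt(TRANSFER_CIPHER, keyPair.getPrivate(), ciphertext);
        System.out.println("same cipher on both instances: " + Arrays.equals(message, recovered));

        // Receiving instance not yet upgraded: OAEP decoding fails, SecurityException is raised.
        try {
            decrypt(MISMATCHED_CIPHER, keyPair.getPrivate(), ciphertext);
            System.out.println("unexpected: mismatched cipher decrypted the payload");
        } catch (SecurityException e) {
            System.out.println("mismatched cipher: " + e.getMessage()
                + " (cause: " + e.getCause().getClass().getSimpleName() + ")");
        }
    }
}
```

The same effect hits stored data: anything encrypted under the old transformation and kept in the repository (the password manager and LDAP connector entries mentioned above) becomes undecryptable once `magnolia.cipher.algorithm` changes, which is why the cipher is meant for transport only and why all instances should switch in one step.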