[DOCU-2769] New config property to set cipher Created: 03/Jul/23  Updated: 02/Nov/23  Resolved: 27/Jul/23

Status: Closed
Project: Documentation
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Neutral
Reporter: Julie Legendre Assignee: Julie Legendre
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
documentation
Template:
Acceptance criteria:
Empty
Task DoR:
Empty

Description

Cf: MAGNOLIA-8941

For both 6.2.37 and 6.3

Notes from discussion with Evzen:

The cipher should only be used for data transfer, not for data storage.

If you change the cipher, you lose any passwords created in the password manager and the LDAP connector, and potentially in other places in your custom code if you used it for data storage purposes. You must re-create them with the new cipher.

The same cipher should be set on both public and author instances.

Define it in the default magnolia.properties or in the properties files of the individual instances.

If not specified, the fallback is RSA.

Out of the box, new bundles use OAEPWithSHA3-256AndMGF1Padding.

In magnolia-empty-webapp/src/main/webapp/WEB-INF/config/default/magnolia.properties:

# Algorithm for data transfer encryption/decryption https://www.bouncycastle.org/specifications.html
magnolia.cipher.algorithm=RSA/NONE/OAEPWithSHA3-256AndMGF1Padding

All instances MUST be set to the same cipher algorithm; it is strongly suggested to upgrade all instances at once.

If encryption and decryption happen with different ciphers, because they occur at different times (before and after an upgrade) or on different instances, this exception is thrown:

catch (IllegalBlockSizeException | BadPaddingException e) {
    throw new SecurityException("Failed to decrypt message. It might have been corrupted during transport.", e);
}
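The following Java program is an added example (not code from this issue or from Magnolia) showing the failure mode described above: a payload encrypted by an author instance with one cipher setting cannot be decrypted by a public instance configured with another, and the resulting BadPaddingException is wrapped in the SecurityException quoted above. It reads the same magnolia.cipher.algorithm property with the RSA fallback, but uses the JDK's built-in OAEP transformation names so it runs without BouncyCastle (the issue's RSA/NONE/OAEPWithSHA3-256AndMGF1Padding value needs the BC provider); the instance settings and payload are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Properties;
import javax.crypto.*;

public class CipherMismatchDemo {
    // Same fallback the issue describes: plain "RSA" when the property is absent.
    static String cipherAlgorithm(Properties magnoliaProperties) {
        return magnoliaProperties.getProperty("magnolia.cipher.algorithm", "RSA");
    }
    static byte[] encrypt(String transformation, PublicKey key, byte[] plaintext) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(transformation);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(plaintext);
    }
    // Mirrors the handler quoted in the issue: a padding or block-size failure becomes a SecurityException.
    static byte[] decrypt(String transformation, PrivateKey key, byte[] ciphertext) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(transformation);
        cipher.init(Cipher.DECRYPT_MODE, key);
        try {
            return cipher.doFinal(ciphertext);
        } catch (IllegalBlockSizeException | BadPaddingException e) {
            throw new SecurityException("Failed to decrypt message. It might have been corrupted during transport.", e);
        }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair keyPair = generator.generateKeyPair();
        // Constructed settings using JDK-built-in OAEP names so this runs without BouncyCastle
        // (the issue's RSA/NONE/OAEPWithSHA3-256AndMGF1Padding needs the BC provider registered).
        Properties author = new Properties();
        author.setProperty("magnolia.cipher.algorithm", "RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        Properties stalePublic = new Properties();
        stalePublic.setProperty("magnolia.cipher.algorithm", "RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        System.out.println("unset property falls back to: " + cipherAlgorithm(new Properties()));
        byte[] payload = "constructed activation payload".getBytes(StandardCharsets.UTF_8);
        byte[] fromAuthor = encrypt(cipherAlgorithm(author), keyPair.getPublic(), payload);
        // A public instance configured like the author round-trips the payload...
        byte[] ok = decrypt(cipherAlgorithm(author), keyPair.getPrivate(), fromAuthor);
        System.out.println("matching cipher: " + new String(ok, StandardCharsets.UTF_8));
        // ...while one still on a different cipher fails OAEP decoding with the SecurityException above.
        try {
            decrypt(cipherAlgorithm(stalePublic), keyPair.getPrivate(), fromAuthor);
        } catch (SecurityException e) {
            System.out.println("mismatched cipher: " + e.getMessage() + " [" + e.getCause().getClass().getSimpleName() + "]");
        }
    }
}
```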


Generated at Mon Feb 12 01:30:07 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.