[DOCU-2769] New config property to set cipher Created: 03/Jul/23 Updated: 02/Nov/23 Resolved: 27/Jul/23 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Neutral |
| Reporter: | Julie Legendre | Assignee: | Julie Legendre |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
Cf: MAGNOLIA-8941
For both 6.2.37 and 6.3.

Notes from discussion with Evzen:

The cipher should only be used for data transfer and not data storage.
If you change the cipher, you lose any passwords created in password manager and the ldap connector and potentially other places in your custom code if you used it for data storage purposes. You must re-instantiate them with the new ciphers.
The same cipher should be set both in public and author instances.
Define in default magnolia.properties or in the properties files for different instances.
If not specified, fallback is RSA.
OOTB for new bundles, OAEPWithSHA3-256AndMGF1Padding is used.

In magnolia-empty-webapp/src/main/webapp/WEB-INF/config/default/magnolia.properties:

# Algorithm for data transfer encryption/decryption https://www.bouncycastle.org/specifications.html
magnolia.cipher.algorithm=RSA/NONE/OAEPWithSHA3-256AndMGF1Padding

All instances MUST be set to the same cipher algorithm; it is strongly suggested to upgrade all instances at once. If there is a difference in time (space) between data encryption and decryption, this exception will be thrown:

catch (IllegalBlockSizeException | BadPaddingException e) {
    throw new SecurityException("Failed to decrypt message. It might have been corrupted during transport.", e);
}
|
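A pre-deployment check for the rule in the notes that author and public instances must use the same cipher, as an added example (not Magnolia code): it reads each instance's magnolia.properties text, applies the RSA fallback the notes describe, and reports any disagreement. The instance names and sample file contents are constructed for illustration.

```python
KEY = "magnolia.cipher.algorithm"
FALLBACK = "RSA"  # per the notes: used when the property is not specified


def parse_properties(text):
    """Minimal Java .properties parser: skips '#'/'!' comments, splits on the
    first '=' or ':', last value wins. Backslash line continuations are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        positions = [i for i in (line.find("="), line.find(":")) if i != -1]
        if positions:
            idx = min(positions)
            key, value = line[:idx], line[idx + 1:]
        else:
            key, value = line, ""
        props[key.strip()] = value.strip()
    return props


def effective_cipher(text):
    """Cipher an instance would use: configured value, or the fallback if unset/empty."""
    return parse_properties(text).get(KEY) or FALLBACK


def find_mismatches(instances):
    """instances maps name -> properties text. Returns {} when every instance
    resolves to the same cipher, otherwise the full name -> cipher map."""
    ciphers = {name: effective_cipher(text) for name, text in instances.items()}
    return {} if len(set(ciphers.values())) <= 1 else ciphers


# Constructed sample: public2 was upgraded without the new property,
# so it silently falls back to RSA while the others use OAEP.
OAEP = "RSA/NONE/OAEPWithSHA3-256AndMGF1Padding"
SAMPLE = {
    "author": "# Algorithm for data transfer encryption/decryption\n" + KEY + "=" + OAEP + "\n",
    "public1": KEY + " = " + OAEP + "\n",
    "public2": "# cipher property not set\nmagnolia.develop=false\n",
}

if __name__ == "__main__":
    for name, cipher in find_mismatches(SAMPLE).items():
        print(f"MISMATCH {name}: {cipher}")
```

A non-empty result means an activation between the listed instances can end in the SecurityException quoted in the notes.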