Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Won't Do
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: Security
Labels:

Release Note Text:
The issue has been converted to RFE WFCORE-3075.
Target Release:

7.2.0.GA

SFDC Cases Counter:
SFDC Cases Links:

Description

In Elytron, there is keystore password (key-store resource) and key password (key-managers resource) required.
However in theory there could be cases, where no password can be intended

key-store resource for truststore purposes (reading truststore)
PKCS12 can be created without key password
you can create JKS programatically without keystore password
in legacy key password is optional

Question is if we want to support these cases in EAP.

On the other hand:

truststore password in legacy is required
keystore password in legacy is required
changing from required to optional can be performed in future in backward compatible manner
requiring password is more secure

So from my PoV with Elytron we are compared to legacy little bit unsafe only with required key password. But that can be changed to optional easily in future if there will be customer case.

WDYT?

Attachments

Issue Links

is cloned by

WFCORE-3075 KeyStore password as default KeyManager password

Open

Activity

People

Assignee:: Ilia Vassilev

Reporter:: Martin Choma

Need Info From:: Darran Lofthouse, Jan Kalina (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2017/02/16 5:01 AM

Updated:: 2021/10/24 6:07 AM

Resolved:: 2018/03/07 1:23 PM