Task #1163
closed
Encryption key on confidential storage cannot be changed
Added by Petr Fišer over 6 years ago.
Updated over 6 years ago.
Category: Confidential Storage
Description
Once set up, the confidential storage key cannot be changed.
I encountered this problem on a project - due to a typo in configuration, the demo key was used. I found out after connecting end systems and syncing users.
To correct the issue, the only way is to delete the whole IdM database, change the encryption key, and configure everything anew.
Is it possible to change confidential storage encryption key without destroying data (provided I know the old key)? If yes, how? If no, please add such a feature.
When changing to stronger keys on an already established IdM installation, this could be a lifesaver.
In the current implementation of confidential storage it isn't possible to change the confidential key in production mode. This key must be the same for the IdM lifetime. The CzechIdM installation tutorial contains a required step to generate a new key for production; this step is strictly required, because after the first value is inserted into confidential storage there is no way to change the encryption key.
It is possible to create a new long running task that re-encrypts all values in confidential storage with a new key. But isn't this a security risk? Implementation of this LRT isn't hard, but it will be better to discuss this with Zdenek.
I too am not really sure that we should have this feature directly in the IdM. But we have to have some way of changing the key.
This definitely needs some design.
- Status changed from New to In Progress
- Target version set to Lapis (8.2.0)
- Status changed from In Progress to Needs feedback
- % Done changed from 0 to 90
I implemented a new long running task: ChangeConfidentialStorageKey. This task must be started after you change the confidential storage key to the new one (this behavior is required). The old storage key is given as a parameter (the old key will be saved as a parameter of the LRT and is visible in plain text).
Changes in API:
- a new method changeCryptKey was added to confidential storage; the method reads a value, decrypts it with the old key and re-saves it with the new key,
- the toDto method in the confidential storage service was updated with trimmed behavior: if the DTO is trimmed, the value will not be decrypted (in standard usage this service is used only for the agenda); the standard get works correctly (the value will be decrypted).
Tests are included.
The hardest thing on the feature was the tests; I'm a little bit stuck on it :(
Documentation update:
commit: https://github.com/bcvsolutions/CzechIdMng/commit/b39826f4ab2c16726637481700d77fec636a9cc1 (branch develop)
Radek, could you please make a review? Thank you.
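The rotation loop that the earlier comment proposes as an LRT and that the changeCryptKey method in this comment describes (read each value, decrypt it with the old key, re-save it with the new key), as an added example that is not CzechIdM's own code. It assumes AES-GCM as the cipher with the nonce stored in front of the ciphertext (the page does not state which cipher, mode or storage layout CzechIdM uses), an in-memory slice of rows standing in for the confidential storage table, and constructed sample rows and keys; the Record type, Encrypt, Decrypt, ChangeCryptKey and SampleStore are names chosen for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Record stands in for one confidential-storage row (name in plaintext, value sealed).
type Record struct {
	Name   string // owner + attribute, kept in plaintext as in the real store
	Cipher []byte // nonce || AES-GCM ciphertext || tag
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext under key with a fresh random nonce prefixed to the output.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt returns an error, not garbage, on a wrong key or tampered bytes (GCM tag check).
func Decrypt(key, data []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if n := g.NonceSize(); len(data) >= n {
		return g.Open(nil, data[:n], data[n:], nil)
	}
	return nil, fmt.Errorf("ciphertext shorter than nonce")
}

// ChangeCryptKey re-encrypts every row from oldKey to newKey in place. A row that
// already opens under newKey is skipped, so an interrupted run can be restarted; a row
// that opens under neither key aborts the run before it is overwritten (it is the only copy).
func ChangeCryptKey(store []Record, oldKey, newKey []byte) (rotated, skipped int, err error) {
	for i := range store {
		r := &store[i]
		plain, err := Decrypt(oldKey, r.Cipher)
		if err != nil {
			if _, already := Decrypt(newKey, r.Cipher); already == nil {
				skipped++
				continue
			}
			return rotated, skipped, fmt.Errorf("%s: opens under neither key: %w", r.Name, err)
		}
		fresh, err := Encrypt(newKey, plain)
		if err != nil {
			return rotated, skipped, err
		}
		r.Cipher = fresh
		rotated++
	}
	return rotated, skipped, nil
}

// SampleStore is constructed input: three rows written under oldKey before the key change.
func SampleStore(oldKey []byte) ([]Record, error) {
	var store []Record
	for _, v := range [][2]string{
		{"system:ldap:password", "ldap-bind-secret"},
		{"system:ad:password", "ad-bind-secret"},
		{"identity:admin:__PASSWORD__", "admin-pw"},
	} {
		c, err := Encrypt(oldKey, []byte(v[1]))
		if err != nil {
			return nil, err
		}
		store = append(store, Record{Name: v[0], Cipher: c})
	}
	return store, nil
}

func main() {
	oldKey := []byte("demo-key-demo-key-demo-key-demo!") // 32 bytes: the demo key a typo left in place
	newKey := make([]byte, 32)                           // fresh 256-bit production key
	if _, err := rand.Read(newKey); err != nil {
		panic(err)
	}
	store, _ := SampleStore(oldKey)
	fmt.Println(ChangeCryptKey(store, oldKey, newKey)) // 3 0 <nil>
	fmt.Println(ChangeCryptKey(store, oldKey, newKey)) // 0 3 <nil>: re-running is a no-op
}
```

Two points worth noting against the comment above: the old key here is only a function argument held in memory, whereas the LRT stores it as a task parameter visible in plain text, so in a real deployment that parameter would need the same protection as the key itself; and the "opens under neither key" guard works only because GCM authenticates the ciphertext, so with an unauthenticated mode the store would need an explicit key-version column to tell a rotated row from a corrupted one.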
- Assignee changed from Ondřej Kopr to Radek Tomiška
- Status changed from Needs feedback to Closed
- Assignee changed from Radek Tomiška to Ondřej Kopr
- % Done changed from 90 to 100