
Re: [Handle-info] encryption of private key



Hi Scott,

The reason you would encrypt the private key is in case someone broke into your machine and stole the private key file. Of course, if you are loading the private key into a Tomcat service then you will likely need to store the passphrase as an init-param anyway, so you are right that this isn't really any better than simply storing the key unencrypted.

I assume your service doesn't require users sending their private key and/or passphrase over the net. If so, we should talk :)


If you want to change your private key from encrypted to unencrypted, you won't need to resubmit your site bundle; you can just use the following command to remove the encryption (but keep the same key pair):


java -cp handle.jar net.handle.apps.tools.KeyUtil <privatekeyfile>

If you actually generate a new key pair for the server (not the adminpriv/adminpub pair) then you would need to resubmit your site bundle.

Thanks,
Sean


On Oct 8, 2008, at 12:30 AM, Scott Yeadon wrote:


Hi,

I installed a development handle server and have just started playing with the client API. I configured an encrypted private key but am now wondering if that was really necessary.

If we're running a handle client and server on the same machine and the client API is part of separately authenticated services, is it better to *not* encrypt the private key? The authentication against access to the services provides the mechanism for determining whether someone actually is who they say they are, so any passphrase appears superfluous. Whenever the client needs to do anything in the admin realm the passphrase is required to decrypt the key, meaning the storage of the key in plain text (either file or Tomcat init-param, for example) will be required, which seems an unnecessary overhead and could be more insecure than just the private key sitting in a non-web-accessible area. I couldn't find any guidelines on when to use encrypted or unencrypted keys, but presumably encryption would only be needed where a user interface is required to authenticate a user directly against handle services. Can anyone confirm this?

I assume a change from an encrypted private key to unencrypted private key requires the sitebundle to be resubmitted?

Thanks.

Scott.


_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info

