What does Adobe CryptoSupport use for hashing?

I've read about the Adobe CryptoSupport that is now in CQ5.5+, which is meant to provide a utility for encrypting and decrypting data, for example, to store API keys in the JCR more securely.

The JavaDocs or the general Adobe documentation give no details on its implementation, just stating that:

Note that this method and the decrypt(byte[]) method provide full round trip support:

 decrypt(encrypt(plainText)).equals(plainText) == true 

Please note, that calling this method twice on the same plainText does not return the same cipher text:

 encrypt(plainText).equals(encrypt(plainText)) == false 

This is reasonably useful, but what it doesn't tell me is how these ciphers are encrypted to begin with. I've tried encrypting on one CQ instance & decrypting on another, but this doesn't seem to work.

To use this feature with confidence, I'd like to know on what CQ bases its encryption. There are two main concerns I have:

  • How do I know that the service is salted (think that's the correct term) based on something secure? Or if it needs to be configured, how do I do that? (i.e. does it use the equivalent level of security OOTB as a log-in of 'admin/admin'!)
  • If the encryption is environment specific, does this mean that I cannot encrypt data & then transfer across between servers?

Bundle description in the Felix console states that:

The Crypto Support bundle provides a CryptoSupport services which allows applications to encrypt and decrypt binary and String data. Encryption is based on the symmetric AES/CBC/PKCS5Padding (AES algorithm, CBC mode with PKCS5 padding) from the RSA JSafe library.

The key is randomly generated during the first start of the Adobe Granite Crypto Support bundle and then saved as the /etc/key/master property. It is per-instance by design and I don't think it's a good idea to move this key between CQ installations. Actually, Adobe says it's a good idea to move the key between author and publish instances.

Answering your questions:

  • you don't need to worry about configuring the service as it's done automatically during the first bundle activation,
  • you can move encrypted data from one instance to another as long as you also move the key.
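
An added illustration, not part of the original answer and not Adobe's implementation: plain JCE code using the AES/CBC/PKCS5Padding transformation named in the bundle description, showing the round trip, the differing ciphertexts, and why an instance holding a different key cannot decrypt. The random IV prepended to the ciphertext, the 128-bit key size and all class and method names are assumptions; the page does not say how CryptoSupport handles these.

```java
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class CbcRoundTripDemo {
    private static final String TRANSFORM = "AES/CBC/PKCS5Padding"; // from the bundle description
    private static final int IV_LEN = 16;                            // AES block size in bytes
    private static final SecureRandom RNG = new SecureRandom();

    // Hypothetical stand-in for the per-instance master key (generated here, not read from the JCR).
    static SecretKey newInstanceKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128); // assumed key size
        return kg.generateKey();
    }

    // Assumed layout: fresh random IV || ciphertext. The fresh IV is what makes
    // two encryptions of the same plaintext differ.
    static byte[] encrypt(SecretKey key, byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }

    static byte[] decrypt(SecretKey key, byte[] blob) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(blob, 0, IV_LEN));
        return c.doFinal(blob, IV_LEN, blob.length - IV_LEN);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] secret = "constructed-api-key".getBytes(StandardCharsets.UTF_8); // constructed sample
        SecretKey instanceA = newInstanceKey(), instanceB = newInstanceKey();
        byte[] c1 = encrypt(instanceA, secret), c2 = encrypt(instanceA, secret);
        System.out.println("round trip ok: " + Arrays.equals(decrypt(instanceA, c1), secret));
        System.out.println("ciphertexts equal: " + Arrays.equals(c1, c2));
        try { // a different key normally fails the padding check; rarely it yields garbage instead
            System.out.println("other key recovered plaintext: " + Arrays.equals(decrypt(instanceB, c1), secret));
        } catch (GeneralSecurityException e) {
            System.out.println("other instance cannot decrypt: " + e.getClass().getSimpleName());
        }
    }
}
```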
