[英]What does Adobe CryptoSupport use for hashing?
I've read about the Adobe CryptoSupport that is now in CQ5.5+, which is meant to provide a utility for encrypting and decrypting data, for example, to store API keys in the JCR more securely. 我已经阅读了CQ5.5 +中的Adobe CryptoSupport,它旨在提供用于加密和解密数据的实用程序,例如,将API密钥更安全地存储在JCR中。
The JavaDocs or the general Adobe documentation give no details on its implementation, just stating that: JavaDocs或一般的Adobe文档没有提供有关其实现的详细信息,只是指出:
Note that this method and the
decrypt(byte[])
method provide full round trip support:请注意,此方法和
decrypt(byte[])
方法提供完整的往返支持:decrypt(encrypt(plainText)).equals(plainText) == true
Please note, that calling this method twice on the same
plainText
does not return the same cipher text:请注意,在相同的
plainText
上两次调用此方法不会返回相同的密文:encrypt(plainText).equals(encrypt(plainText)) == false
This is reasonably useful, but what it doesn't tell me is how these ciphers are enncrypted to begin with. 这是相当有用的,但是没有告诉我的是这些密码是如何开始加密的。 I've tried encrypting on one CQ instance & decrypting on another, but this doesn't seem to work.
我曾尝试在一个CQ实例上加密并在另一个CQ实例上解密,但这似乎不起作用。
To use this feature with confidence, I'd like to know on what CQ bases its encrypted. 为了放心使用此功能,我想知道什么CQ对其加密。 There are two main concerns I have:
我主要有两个问题:
Bundle description in the Felix console states that Felix控制台中的捆绑包描述指出:
The Crypto Support bundle provides a CryptoSupport services which allows applications to encrypt and decrypt binary and String data.
Crypto Support捆绑包提供了CryptoSupport服务,该服务允许应用程序对二进制和String数据进行加密和解密。 Encryption is based on the symmetric AES/CBC/PKCS5Padding (AES algorithm, CBC mode with PKCS5 padding) from the RSA JSafe libary.
加密基于RSA JSafe库中的对称AES / CBC / PKCS5Padding(AES算法,带有PKCS5填充的CBC模式)。
Key is randomly generated during the first start of the Adobe Granite Crypto Support bundle and then saved as /etc/key/master
property. 密钥是在Adobe Granite Crypto Support捆绑包的首次启动期间随机生成的,然后另存为
/etc/key/master
属性。
It is per-instance by design and I don't think it's a good idea to move this key between CQ installations.
它是按实例设计的,我认为在CQ安装之间移动此密钥不是一个好主意。
Actually, Adobe says it's a good idea to move key between author and publish instances. 实际上,Adobe 表示在作者和发布实例之间移动密钥是一个好主意 。
Answering your questions: 回答您的问题:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.