  1. OpenDJ
  2. OPENDJ-2602

Provide options to encrypt backend contents, changelogs, log files, exported data, and backups

    Details

    • Type: Epic
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.0.0, 3.5.0
    • Fix Version/s: 4.0.0
    • Component/s: security
    • Labels:
      None
    • Epic Name:
      Encrypt data at rest
    • Epic Status:
      Done

      Description

      It should be possible to configure OpenDJ to encrypt and, in some cases, sign any data at rest. Specifically:

      • user data stored in pluggable backends: id2entry, equality index keys (hashed), and possibly substring index values (not keys)
      • replication changelog: replica DB records must be encrypted
      • Import / Export (sign, hash, and/or encrypt)

      Non-requirements:

      • hashing and signing of the changelog in order to detect tampering
      • encryption of the access log. Note that CAUD provides some support for tamper detection
      • encryption of configuration files, e.g. config.ldif.


              People

              • Assignee: Unassigned
              • Reporter: Matthew Swift