OPENDJ-2616

Support protection of pluggable backend data at rest

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.0.0, 3.5.0
    • Fix Version/s: 4.0.0, 3.5.0
    • Component/s: backends, security
    • Labels: None

      Description

      This issue can be started once OPENDJ-2615 has been completed and can be closed once the pluggable backend has full support for encrypting id2entry, substring index ID lists, and hashing equality and approx index keys.

      Enabling this feature should not have a dramatic impact on performance, although some impact is expected (10% or so?).

      Suggested fix:

      Use the CryptoManager for generating confidential content. It will also manage key generation and distribution, which is important for functionality like binary copy (backup on one server and restore on another).

      Take a look at AESPasswordStorageScheme for inspiration. Note how the crypto manager embeds the key identifier in encrypted content.
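
      The key-identifier idea from the suggested fix, as an added Java example (not OpenDJ code and not the CryptoManager API; the class `KeyIdEnvelope`, its record layout and the choice of AES-GCM are assumptions made for illustration). Each encrypted value carries the ID of the key that produced it, so records written before a key rotation stay readable, and a server restored from a binary copy can tell exactly which key it is missing.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.*;

// Added sketch: a hypothetical key registry, not OpenDJ's CryptoManager API.
public class KeyIdEnvelope {
    private final Map<UUID, SecretKey> keys = new HashMap<>(); // key ID -> key
    private UUID current;                                      // key used for new writes

    void rotate() throws Exception {                           // generate and activate a new key
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        current = UUID.randomUUID();
        keys.put(current, kg.generateKey());
    }

    // Record layout: 16-byte key ID | 12-byte nonce | AES-GCM ciphertext + tag.
    byte[] encrypt(byte[] plain) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);                   // fresh nonce for every record
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, keys.get(current), new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(28 + ct.length)
                .putLong(current.getMostSignificantBits()).putLong(current.getLeastSignificantBits())
                .put(nonce).put(ct).array();
    }

    byte[] decrypt(byte[] blob) throws Exception {
        ByteBuffer in = ByteBuffer.wrap(blob);
        UUID id = new UUID(in.getLong(), in.getLong());        // read the embedded key ID
        SecretKey key = keys.get(id);
        if (key == null) throw new IllegalStateException("key " + id + " not available on this server");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 16, 12));
        return c.doFinal(blob, 28, blob.length - 28);          // throws if the tag does not verify
    }

    public static void main(String[] args) throws Exception {
        KeyIdEnvelope cm = new KeyIdEnvelope();
        cm.rotate();
        byte[] old = cm.encrypt("uid=bjensen".getBytes(StandardCharsets.UTF_8)); // constructed sample
        cm.rotate();                                           // new writes now use a second key
        System.out.println(new String(cm.decrypt(old), StandardCharsets.UTF_8)); // old record still readable
        try { new KeyIdEnvelope().decrypt(old); }              // "restore" on a server lacking the key
        catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```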

              People

              • Assignee: Fabio Pistolesi (fabiop)
              • Reporter: Matthew Swift (matthew)