[Koha-bugs] [Bug 32078] New: We should have an easy way for an administrator to update the encryption keys
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Nov 2 17:00:44 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32078
Bug ID: 32078
Summary: We should have an easy way for an administrator to
update the encryption keys
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Command-line Utilities
Assignee: koha-bugs at lists.koha-community.org
Reporter: martin.renvoize at ptfs-europe.com
QA Contact: testopia at bugs.koha-community.org
CC: robin at catalyst.net.nz
We now use encryption on a number of Koha database fields and utilise a key
sorted in koha-conf.xml..
However, we have no easy way to change key should that key be leaked or found
to be to simple to crack. We should add a script to allow updating of our
encrpyted values from one key to the next... (or alternatively, perhaps we
should allow for an array of keys in our config and update the encryption on
access whenever we find an prior key is in use?.. I believe this is what we did
when we upgraded from SHA to BCrypt for user passwords).
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list