[Koha-bugs] [Bug 32078] New: We should have an easy way for an administrator to update the encryption keys

Wed Nov 2 17:00:44 CET 2022

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32078

            Bug ID: 32078
           Summary: We should have an easy way for an administrator to
                    update the encryption keys
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Command-line Utilities
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: martin.renvoize at ptfs-europe.com
        QA Contact: testopia at bugs.koha-community.org
                CC: robin at catalyst.net.nz

We now use encryption on a number of Koha database fields and utilise a key
sorted in koha-conf.xml..

However, we have no easy way to change key should that key be leaked or found
to be to simple to crack.  We should add a script to allow updating of our
encrpyted values from one key to the next... (or alternatively, perhaps we
should allow for an array of keys in our config and update the encryption on
access whenever we find an prior key is in use?.. I believe this is what we did
when we upgraded from SHA to BCrypt for user passwords).

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.