https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34976 --- Comment #7 from David Cook <dcook@prosentient.com.au> --- (In reply to Marcel de Rooy from comment #3)
Interesting question though would be: How would you get one key and not the others? And underlying, is koha-conf the best place to save them?
(In reply to Liz Rea from comment #4)
At the point you have access to root to get the koha-conf, you have everything including the database and all of the keys anyway (because you can become koha-mysql or koha-dump the whole thing) and all of the keys are right there in the koha-conf.
While I agree that one key does allow access to more things, the added complexity of multiple keys... the idea of it makes me very tired, for a really negligible gain in security.
Yeah, multiple keys doesn't help if an attacker has access to all the keys. There are a few pros to having multiple keys though. One is that if an attacker cracks 1 key, they only get access to some of the information. They have to keep cracking keys to get the rest of the info. Another pro is that having multiple keys allows you to change keys and encryption methods. (Earlier in the year, OpenAthens changed their encryption keys for their SAML communications. While they advertised multiple available public keys, unfortunately, Keycloak's SAML functionality could only store and use 1 public key, and so I had to manually change the keys around the same time that they changed the private key they used. Fortunately, the decryption was for on demand responses and not stored thousands of rows of encrypted database data, but still a pain especially given the different timezones...) I've also recently been involved in some Keycloak upgrades recently, and they've re-hashed their passwords to use different hashing algorithms. To do that, they stored metadata about the crypto options alongside the hashed passwords. (At some point, we'll have to do the same thing in Koha.) Eventually, the encryption algorithms we're using will no longer be safe, and we'll need to re-encrypt the data, and we'll effectively need to use multiple keys: 1 to decrypt and a new 1 to re-encrypt. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.