https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34976 Bug ID: 34976 Summary: Encryption keys should not be shared between modules Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Architecture, internals, and plumbing Assignee: koha-bugs@lists.koha-community.org Reporter: m.de.rooy@rijksmuseum.nl QA Contact: testopia@bugs.koha-community.org At this time we are using the encryption key in koha-conf to encrypt stuff for 2FA, EDI and Acquisition already. The key was introduced for 2FA. I think that it would be better to differentiate and use separate keys for various processes in Koha. For instance, the key for 2FA should be used exclusively for that purpose. We could consider if that is needed also for EDI and Acq since these are related modules. They could use one or two new keys. When adding a new call to Encryption, we should think about it. Perhaps this would be forced a bit more by passing a parameter to K::E indicating which key to use? Opening the discussion :) What do you think? -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.