https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32078 Bug ID: 32078 Summary: We should have an easy way for an administrator to update the encryption keys Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Command-line Utilities Assignee: koha-bugs@lists.koha-community.org Reporter: martin.renvoize@ptfs-europe.com QA Contact: testopia@bugs.koha-community.org CC: robin@catalyst.net.nz We now use encryption on a number of Koha database fields and utilise a key sorted in koha-conf.xml.. However, we have no easy way to change key should that key be leaked or found to be to simple to crack. We should add a script to allow updating of our encrpyted values from one key to the next... (or alternatively, perhaps we should allow for an array of keys in our config and update the encryption on access whenever we find an prior key is in use?.. I believe this is what we did when we upgraded from SHA to BCrypt for user passwords). -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.