Change SimpleKeyStore to SecureKeyStore


Fabio Arias

Dec 13, 2016, 11:18:38 AM
to jpos-...@googlegroups.com
Hello everyone, we have a requirement from our client, and we need to change the way we store our ZMK and ZAK keys in our system.

We currently have a ks.cfg file with the keys, and we want a more secure way to do it, such as a keystore or something similar.

Thanks a lot
--
Fabio Arias
Consultor TI
@fabioariasvera

"Don't take your employees for granted. If you don't value your team, they won't value your customers" Richard Branson.

Alejandro Revilla

Dec 13, 2016, 12:15:53 PM
to jPOS Users
You can store it in whatever form you want, you just need to implement `SecureKeyStore`, which has a pretty simple interface.

You can use SimpleKeyStore as an example.



--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: sa...@jpos.org
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jpos-users+unsubscribe@googlegroups.com.
To post to this group, send email to jpos-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAHvqNYi54znXrHeT8igNTrFAx%3D%2Bkfbd3tPa5hWNfEXEF19a8XQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
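One way to do what Alejandro describes, as an added example that is not part of the original thread or of jPOS itself: a `SecureKeyStore` implementation that keeps the key entries in a password-protected JCEKS keystore file rather than the cleartext `ks.cfg` properties file. It assumes jPOS 2.x on the classpath, with `SecureKeyStore` declaring `getKey(String)` and `setKey(String, SecureKey)` the way `SimpleKeyStore` implements them, that `SecureKey` is `Serializable`, and Java 9 or later for `ObjectInputFilter`. The class name `JceSecureKeyStore`, the package, and the `KS_PASSWORD` environment variable are this example's own, and the key bytes in `main` are constructed placeholders, not real LMK-encrypted material.

```java
// Added example (not jPOS project code): a SecureKeyStore backed by a
// password-protected Java KeyStore file instead of the ks.cfg properties file.
// Assumes jPOS 2.x, where SecureKeyStore declares getKey(String) and
// setKey(String, SecureKey) and SecureKey is Serializable, and Java 9+ for
// ObjectInputFilter. Package and class names are this example's own.
package com.example.jpos;

import java.io.*;
import java.nio.file.*;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.spec.SecretKeySpec;
import org.jpos.iso.ISOUtil;
import org.jpos.security.SMAdapter;
import org.jpos.security.SecureDESKey;
import org.jpos.security.SecureKey;
import org.jpos.security.SecureKeyStore;

public class JceSecureKeyStore implements SecureKeyStore {
    // JCEKS accepts an opaque SecretKeySpec with any algorithm name; the JDK's
    // PKCS12 store expects the algorithm to map to a known OID.
    private static final String STORE_TYPE = "JCEKS";
    // Only jPOS key classes and the JDK types they reference may be deserialized;
    // everything else is rejected before any constructor or readObject runs.
    private static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "org.jpos.security.*;java.lang.*;java.util.*;maxdepth=8;!*");

    private final Path file;
    private final char[] password;

    public JceSecureKeyStore(Path file, char[] password) {
        this.file = file;
        this.password = password.clone();
    }

    @Override
    public SecureKey getKey(String alias) throws SecureKeyStoreException {
        try {
            KeyStore.Entry e = load().getEntry(alias, new KeyStore.PasswordProtection(password));
            if (!(e instanceof KeyStore.SecretKeyEntry))
                throw new SecureKeyStoreException("no key stored under alias '" + alias + "'");
            byte[] blob = ((KeyStore.SecretKeyEntry) e).getSecretKey().getEncoded();
            try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(blob))) {
                in.setObjectInputFilter(FILTER);
                return (SecureKey) in.readObject();
            }
        } catch (IOException | GeneralSecurityException | ClassNotFoundException ex) {
            throw new SecureKeyStoreException("getKey(" + alias + ")", ex);
        }
    }

    @Override
    public void setKey(String alias, SecureKey key) throws SecureKeyStoreException {
        try {
            KeyStore ks = load();
            ByteArrayOutputStream bos = new ByteArrayOutputStream();
            try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
                out.writeObject(key);   // the LMK-encrypted key object, never a clear key
            }
            ks.setEntry(alias, new KeyStore.SecretKeyEntry(new SecretKeySpec(bos.toByteArray(), "RAW")),
                    new KeyStore.PasswordProtection(password));
            // Write to a sibling temp file and rename, so a crash never leaves a half-written store.
            Path tmp = file.resolveSibling(file.getFileName() + ".tmp");
            try (OutputStream os = Files.newOutputStream(tmp)) {
                ks.store(os, password);
            }
            Files.move(tmp, file, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
        } catch (IOException | GeneralSecurityException ex) {
            throw new SecureKeyStoreException("setKey(" + alias + ")", ex);
        }
    }

    private KeyStore load() throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(STORE_TYPE);
        if (Files.exists(file)) {
            try (InputStream is = Files.newInputStream(file)) {
                ks.load(is, password);   // a wrong password fails here with an IOException
            }
        } else {
            ks.load(null, password);     // no file yet: start an empty store
        }
        return ks;
    }

    // Round trip with a constructed (dummy) LMK-encrypted ZMK; real values come from the HSM.
    public static void main(String[] args) throws Exception {
        Path f = Files.createTempFile("keys", ".jceks");
        Files.delete(f);   // start from an absent file so load() creates a fresh store
        char[] pw = System.getenv().getOrDefault("KS_PASSWORD", "change-me").toCharArray();
        SecureKeyStore store = new JceSecureKeyStore(f, pw);
        SecureDESKey zmk = new SecureDESKey(SMAdapter.LENGTH_DES3_2KEY, SMAdapter.TYPE_ZMK,
                ISOUtil.hex2byte("0123456789ABCDEFFEDCBA9876543210"), ISOUtil.hex2byte("A1B2C3"));
        store.setKey("zmk", zmk);
        SecureDESKey back = (SecureDESKey) store.getKey("zmk");
        if (!Arrays.equals(zmk.getKeyBytes(), back.getKeyBytes()))
            throw new AssertionError("round trip failed");
        System.out.println("reloaded " + back.getKeyType() + " with KCV "
                + ISOUtil.hexString(back.getKeyCheckValue()) + " from " + f);
    }
}
```

What lands in the file is still the key as encrypted under the jPOS Local Master Keys, so the keystore adds a password and an opaque format on top of that, not a new cryptographic boundary: whoever can read the password (here an environment variable, which is the thing to lock down with OS permissions) gets the same blobs an auditor would see in ks.cfg. JCEKS protects its entries with a legacy password-based scheme, which is tolerable only because the contents are already LMK-encrypted. The deserialization filter means a tampered keystore cannot feed arbitrary classes to `readObject`; `SimpleKeyStore` does not need this because it parses a properties file.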

Victor Salaman

Dec 13, 2016, 12:23:51 PM
to jpos-...@googlegroups.com
Hi:

The keys you store in ks.cfg should already be encrypted by either an HSM or some other means.

What are you trying to achieve?

/V

--

Alejandro Revilla

Dec 13, 2016, 12:31:03 PM
to jPOS Users
While they are encrypted, most auditors cry because they can see it with a 'cat' (actually with a TYPE). If you put it in a .jks file, it's still there, but just because they don't know how to see it they are fine with it.

"What the eyes don't see, the heart doesn't grieve over" :)


Victor Salaman

Dec 13, 2016, 12:32:58 PM
to jpos-...@googlegroups.com
That's why I put them in a database, with ACLs, and column-level permissions :)

/V

Fabio Arias

Dec 13, 2016, 12:35:16 PM
to jPOS Users
Alejandro, how can I do it? That's the problem we have: the auditors say they don't want to see the file content, so I just need something they will accept.

Victor, but if we put it in a database today, I don't know how I'd do that! I need something really easy to do.

 


Alejandro Revilla

Dec 13, 2016, 12:40:29 PM
to jPOS Users
Fabio,

What your auditor sees are not actually the keys. Those are the keys encrypted under the jPOS Local Master Keys, so it's kinda safe to see.

You can also add operating system level audit controls so that an alert is generated whenever that file is opened.




Fabio Arias

Dec 19, 2016, 2:25:39 PM
to jPOS Users
Good day everyone, I told my client about the file and I'm waiting for a response from them. I have one new question: what is the KEY the bank shares with us?




Victor Salaman

Dec 19, 2016, 2:39:03 PM
to jpos-...@googlegroups.com
Zone master key... Usually shared in component form.

Sent from my iPhone

Fabio Arias

Dec 19, 2016, 2:40:35 PM
to jpos-...@googlegroups.com
Thanks Victor

