users@glassfish.java.net

Re: encryption of aliased passwords

From: Kumar Jayanti <v.b.kumar.jayanti_at_oracle.com>
Date: Wed, 2 Nov 2011 10:54:40 +0530

On 01-Nov-2011, at 6:41 PM, Trond Strømme wrote:

> Hi,
> IHAC that is asking how a password substituted by an alias (to avoid having the password in cleartext in domain.xml) is encrypted.
> Details such as the algorithm and what serves as the key would be nice, or if anyone can point me to some documentation or source code for this.
> They ask because their security group want to know how the passwords are encrypted and with which algorithm.
>
> --
It makes use of a JCEKS store as the secretkey store.

"jceks" is an alternate proprietary keystore format to "jks" that uses much stronger encryption in the form of Password-Based Encryption with Triple-DES.
http://download.oracle.com/javase/1,5.0/docs/api/java/security/KeyStore.html


>
> Trond Strømme
> trond.stromme_at_oracle.com
> Oracle EMEA Advanced Customer Services
> +47 975 09 388
> http://blogs.oracle.com/tronds
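An added illustration of the mechanism described in the reply above, not code from GlassFish or from either poster: a password is kept as a secret-key entry in a JCEKS keystore, so its protection is password-based encryption keyed from the keystore password. The class name, alias, passwords and the "AES" label on the key bytes are constructed for this sketch.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.spec.SecretKeySpec;

public class JceksAliasDemo {
    // Constructed sample values, not taken from any real domain.
    static final char[] STORE_PASSWORD = "example-master-password".toCharArray();
    static final String ALIAS = "db-password-alias";

    // Store a cleartext password as a secret-key entry; return the keystore bytes.
    static byte[] storeAlias(String alias, String cleartext) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, STORE_PASSWORD); // null stream = start from an empty keystore
        // The algorithm label only tags the raw bytes (assumption for this sketch).
        SecretKeySpec entry =
            new SecretKeySpec(cleartext.getBytes(StandardCharsets.UTF_8), "AES");
        ks.setKeyEntry(alias, entry, STORE_PASSWORD, null); // sealed with PBE + Triple-DES
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, STORE_PASSWORD);
        return out.toByteArray();
    }

    // Resolve an alias back to the cleartext using the given entry password.
    static String resolveAlias(byte[] stored, String alias, char[] entryPassword)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(stored), STORE_PASSWORD);
        Key key = ks.getKey(alias, entryPassword);
        return key == null ? null : new String(key.getEncoded(), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String secret = "s3cr3t-db-pass"; // constructed sample password
        byte[] stored = storeAlias(ALIAS, secret);
        // The cleartext must not be readable in the serialized keystore.
        String raw = new String(stored, StandardCharsets.ISO_8859_1);
        System.out.println("cleartext visible in store: " + raw.contains(secret));
        System.out.println("resolved: " + resolveAlias(stored, ALIAS, STORE_PASSWORD));
        try {
            resolveAlias(stored, ALIAS, "wrong-password".toCharArray());
        } catch (UnrecoverableKeyException e) {
            System.out.println("wrong password rejected");
        }
    }
}
```

Because the encryption key is derived from the keystore password, the stored entries are only as well protected as that password and the file permissions on the keystore.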