[lsc-users] Symmetric encryption : how to share the secret key ?

Clément OUDOT clem.oudot at gmail.com
Wed Oct 29 15:49:49 CET 2014


2014-10-29 15:45 GMT+01:00 Eric Cassette <Eric.Cassette at univ-lille1.fr>:

> Hello lsc-users,
>
> I need to synchronize an OpenLDAP Directory to a MS Active-Directory (It's
> never too late for that ;-)), and I chose LSC to do that.
>
> After the reading of the archives of this mailing-list (many thanks to all
> the contributors), I have been able to define the tasks to synchronize the
> users and the groups.
>
> Now, I am testing the symmetric encryption of an attribute (guess which
> attribute ;-))...
>
> Following
> http://lsc-project.org/wiki/documentation/latest/configuration/syncoptions/security,
> I have generated a random key file ("lsc.key") for the default AES-128 bits
> encryption, and played successfully with the "SecurityUtils.encrypt" and
> "SecurityUtils.decrypt" functions.
>
> Now, I need to share the secret key with the people that manage the
> OpenLDAP directory, but I don't know how to retrieve this information from
> the content of the "lsc.key" file?
> I thought that the content of the key file was the 128 bits value of the
> secret key, but the size of the file is 24 bytes (192 bits)... So, I am
> lost.
>
> Another solution could be to share a secret key chosen by the OpenLDAP
> team, but, in that case, how to create the correct lsc.key file?
>
>
Hi Eric,

You can also use an ASCII lsc.key file, just set a passphrase into it with
a standard editor. This passphrase can be communicated to trusted people.


Clément.