Encryption algorithm used for a JCEKS keystore while creating Credential Store

Solution Unverified

Environment

  • Red Hat Single Sign-On (RH-SSO)
    • 7.x
  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 7.x

Issue

  • While creating a Credential Store keystore (JCEKS), the command below is used, where the encryption algorithm is not mentioned explicitly. In that case, which encryption algorithm is used by default?
    • /subsystem=elytron/credential-store=exampleKeyStoreCredentialStore:add(path="exampleKeyStoreCredentialStore.jceks", relative-to=jboss.server.data.dir, credential-reference={clear-text=password}, create=true)

Resolution

  • A JCEKS KeyStore is not encrypted as a whole. The store password is used only to check the integrity of the KeyStore against a hash value stored in it. A private key inside a JCEKS KeyStore is encrypted with 3DES using the key password.
  • The default key size of Triple DES is 168 bits, but the effective key size can be 112 bits. See Document.
  • A stronger algorithm was requested in a Feature Request, which is still in Unresolved state.
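
To make the first point concrete, here is an added Python example (not from this article or from Red Hat) that writes a minimal JCEKS store with one trusted-certificate entry and recomputes its integrity hash; the certificate bytes are a constructed placeholder, not a real certificate. It shows that the store password feeds only the SHA-1 trailer, and that an entry of this type can be read back with no password at all.

```python
# Added example: minimal JCEKS writer/reader showing that the store password
# keys only a SHA-1 integrity trailer; the entry bytes themselves are in clear.
import hashlib
import struct

JCEKS_MAGIC = 0xCECECECE            # JKS files use 0xFEEDFEED instead
VERSION = 2
SALT = b"Mighty Aphrodite"          # fixed string mixed into the integrity hash
SAMPLE_CERT_DER = bytes.fromhex("3003020101")   # constructed placeholder DER


def _utf(s: str) -> bytes:
    b = s.encode("utf-8")
    return struct.pack(">H", len(b)) + b        # like DataOutputStream.writeUTF


def _prekeyed_sha1(store_password: str):
    md = hashlib.sha1()
    md.update(store_password.encode("utf-16-be"))   # password chars as 2 bytes
    md.update(SALT)
    return md


def build_jceks(store_password: str, alias: str, cert_der: bytes,
                created_ms: int = 0) -> bytes:
    """Serialize a JCEKS store with one trusted-certificate entry (tag 2).
    The certificate is written verbatim; nothing here is encrypted."""
    body = struct.pack(">IIi", JCEKS_MAGIC, VERSION, 1)   # magic, version, count
    body += struct.pack(">i", 2) + _utf(alias) + struct.pack(">q", created_ms)
    body += _utf("X.509") + struct.pack(">i", len(cert_der)) + cert_der
    md = _prekeyed_sha1(store_password)
    md.update(body)
    return body + md.digest()                            # 20-byte trailer


def integrity_ok(data: bytes, store_password: str) -> bool:
    """Recompute the trailing SHA-1 over everything but the last 20 bytes."""
    md = _prekeyed_sha1(store_password)
    md.update(data[:-20])
    return md.digest() == data[-20:]


def read_trusted_cert(data: bytes):
    """Parse the first entry (expects tag 2) and return (alias, cert_der).
    No password is involved: the certificate bytes are stored in clear."""
    magic, version, count = struct.unpack_from(">IIi", data, 0)
    if magic != JCEKS_MAGIC or version != VERSION or count < 1:
        raise ValueError("not a JCEKS store with at least one entry")
    off = 12
    tag, = struct.unpack_from(">i", data, off); off += 4
    if tag != 2:
        raise ValueError("first entry is not a trusted certificate")
    alen, = struct.unpack_from(">H", data, off); off += 2
    alias = data[off:off + alen].decode("utf-8"); off += alen + 8   # + timestamp
    tlen, = struct.unpack_from(">H", data, off); off += 2 + tlen    # skip type
    clen, = struct.unpack_from(">i", data, off); off += 4
    return alias, data[off:off + clen]
```

Changing the store password changes only the last 20 bytes of the output, which is why the store password protects integrity but not confidentiality.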

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
