[asterisk-users] Is there a way to encrypt passwords stored in the realtime database?

Tim Panton thp at westhawk.co.uk
Thu Aug 21 04:39:59 CDT 2008


On 20 Aug 2008, at 18:00, Eric Chamberlain wrote:

> We are exploring using Asterisk for a project and we are looking for a
> way to encrypt/decrypt the peer passwords stored in the realtime
> database (postrges).
>
> Ideally, we want to use a public key to encrypt the passwords before
> they go into the database and have Asterisk use a private key to
> decrypt the password as part of the call out process.
>
> Has anyone developed something like this?

I haven't done this in asterisk, but we did do a selective
encryption layer for a database on a non-voip project.

First - understand what you are protecting against:
We wanted to be sure that if the backup/sever/tapes/disk were
stolen then the personal data in the database would not be
accessible without the private key.

The way this worked was a bit oracle specific, but
the same concepts are available in postgress.

Basically you have a base table containing the encrypted fields,
this is what is stored on the disk. You then layer on a view (with
appropriate triggers/stored procedures) and the application
(asterisk realtime in your case) uses this view.

The view takes the encrypted fields from the base table and decrypts
them before returning the data to the application.

The trick is that the key is stored in the user's login session (ie in  
memory)
and is initialized at startup (either by typing or from somewhere that  
isn't the
disk - think of a flash drive superglued to the wall :-) with asterisk  
I'd
be tempted to have it call me and I have to dtmf the key in! 



More information about the asterisk-users mailing list