[asterisk-users] Hide the plain text password
Richard Kenner
kenner at gnat.com
Tue Feb 15 07:17:20 CST 2011
> #include the password (a file with the line 'secret=') from a local file on
> the file system. The user has no access to it, right?
Right, but we're not talking ONE password, but ANY password. Having
dozens of those files, one for each password, gets to be a real pain
really fast. And you STILL want CM control of password changes even
if you're storing the encrypted versions: you want to be able to go
back to an old password, even if you don't know what it is.
> One test for you to consider: are the users able to use the "encrypted"
> configuration item in a different Asterisk system (without your
> consent)?
Of course not! It would be useless if that were the case: the whole
point here would be that you need the master encryption key.
Here's a possible design:
- There's optionally a file in the config directory called "master_key".
  It contains just a string.
- A CLI command "core encrypt <string>" is added to Asterisk. It takes the
  provided string, encrypts it using the string in master_key, and outputs
  a string of the form "{enc:<encrypted_version_of_string>}".
- The config file reader looks for strings of the form "{enc:<string>}"
  and replaces them, before otherwise parsing the line, with the decrypted
  version of the string using the key in the "master_key" file.
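
A sketch of the design proposed above, added here as an example (it is not from the original post and is not Asterisk code): core_encrypt stands in for the proposed "core encrypt" command and expand_line for the config-reader step. The function names, the token encoding and the stdlib HMAC-based cipher (a stand-in for a vetted AEAD such as AES-GCM) are assumptions.

```python
# Added sketch of the proposed {enc:...} design; hypothetical names, not Asterisk code.
import base64, hashlib, hmac, os, re

TOKEN = re.compile(r"\{enc:([A-Za-z0-9_\-=]+)\}")

def _keys(master_key: str, salt: bytes):
    # Derive separate encryption and MAC keys from the master_key string.
    okm = hashlib.pbkdf2_hmac("sha256", master_key.encode(), salt, 100_000, dklen=64)
    return okm[:32], okm[32:]

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: stdlib stand-in for a vetted AEAD (assumption).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def core_encrypt(master_key: str, plaintext: str) -> str:
    """What the proposed 'core encrypt <string>' command would output."""
    salt = os.urandom(16)  # fresh per token, so equal secrets give different tokens
    enc_key, mac_key = _keys(master_key, salt)
    data = plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, salt, len(data))))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return "{enc:" + base64.urlsafe_b64encode(salt + ct + tag).decode() + "}"

def _decrypt(master_key: str, blob_b64: str) -> str:
    blob = base64.urlsafe_b64decode(blob_b64)
    if len(blob) < 48:
        raise ValueError("malformed {enc:...} token")
    salt, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _keys(master_key, salt)
    # Verify before decrypting: a wrong master key or an edited token fails here.
    if not hmac.compare_digest(tag, hmac.new(mac_key, salt + ct, hashlib.sha256).digest()):
        raise ValueError("{enc:...} token does not verify under this master_key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, salt, len(ct)))).decode()

def expand_line(master_key: str, line: str) -> str:
    """Replace every {enc:...} token in a config line before normal parsing."""
    return TOKEN.sub(lambda m: _decrypt(master_key, m.group(1)), line)

if __name__ == "__main__":
    # Constructed sample: a config line with a made-up secret and master key.
    key = "example-master-key"
    line = "secret=" + core_encrypt(key, "s3cr3t-example")
    print(line, "->", expand_line(key, line))
```

A token copied to a system with a different master_key raises ValueError instead of yielding a secret, which is the property asked about in the quoted test.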