[asterisk-users] Hide the plain text password
Benny Amorsen
benny+usenet at amorsen.dk
Wed Feb 16 07:30:34 CST 2011
kenner at gnat.com (Richard Kenner) writes:
> Here's a possible design:
>
> - There's optionally a file in the config
> directory called "master_key". It contains just a string.
>
> - A CLI command "core encrypt <string>" is added to Asterisk. It takes the
> provided string, encrypts it using the string in master_key, and outputs
> a string of the form "{enc:<encrypted_version_of_string}".
>
> - The config file reader looks for strings of the form "{enc:<string>}:
> and replaces them, before otherwise parsing the line, with the decrypted
> version of the string using the key in the "master_key" file.
This sounds pretty reasonable, except perhaps that you might only want
to convert strings in password fields -- otherwise you risk false
positives in e.g. the dial plan.
I can recommend contracting with one of the indepedent Asterisk
developers to get this done. You will likely find them on the
Asterisk-biz-list.
/Benny
More information about the asterisk-users
mailing list