  1. Jenkins
  2. JENKINS-62351

Improve master key encryption


Details

    Description

      Actually, the master key is encrypted with the size limit of 128 bits due to the restriction of old Java versions.

      This restriction was lifted in Java 9 and 11, and after JDK8u162.

      To improve the security of all secrets in Jenkins, I propose to increase the limit of this key.

       

      Because all companies have different security policies, it might be nice to let the administrator of Jenkins choose which algorithm he wants to use to encrypt Jenkins secrets. Actually it is hard coded.

       

      Would anyone have any opinion on that?

       

      This improvement can be applied to the credentials-plugin too.

       

      Update : relation with JENKINS-61373
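
The key-size restriction mentioned in the description can be checked on a given JVM as follows. This is an added example, not part of the original issue and not Jenkins code; the class name `AesKeySizeProbe`, the choice of AES-GCM and the sample secret are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;

public class AesKeySizeProbe {
    // Largest AES key size in bits that this JVM's JCE policy allows, capped at 256.
    // Limited-policy JVMs report 128; unlimited ones report Integer.MAX_VALUE.
    static int usableAesBits() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES") >= 256 ? 256 : 128;
    }

    // Encrypts with AES-GCM under a fresh 12-byte IV; returns IV || ciphertext+tag.
    static byte[] seal(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Reverses seal(): reads the IV from the first 12 bytes and verifies the tag.
    static byte[] open(SecretKey key, byte[] sealed) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, sealed, 0, 12));
        return c.doFinal(sealed, 12, sealed.length - 12);
    }

    public static void main(String[] args) throws Exception {
        int bits = usableAesBits();
        System.out.println("java.version  = " + System.getProperty("java.version"));
        System.out.println("crypto.policy = " + Security.getProperty("crypto.policy"));
        System.out.println("AES key bits  = " + bits);

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(bits); // 256 where the policy allows it, otherwise 128
        SecretKey key = kg.generateKey();

        byte[] secret = "constructed-sample-secret".getBytes(StandardCharsets.UTF_8);
        byte[] roundTrip = open(key, seal(key, secret));
        System.out.println("round trip ok = " + Arrays.equals(secret, roundTrip));
    }
}
```

On a JVM still running under the limited policy, initialising a cipher with a 256-bit key fails with `InvalidKeyException`, which is why the probe asks `Cipher.getMaxAllowedKeyLength` first.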

       

      Attachments

        Activity

          mat1e mat1e created issue -
          mat1e mat1e made changes -
          mat1e mat1e made changes -
          mat1e mat1e made changes -

          People

            Unassigned Unassigned
            mat1e mat1e
            Votes: 0
            Watchers: 1

            Dates

              Created:
              Updated: