
n. Slang a rough lawless young Kuali developer.
[perhaps variant of Houlihan, Irish surname]
kualiganism n

Blog of an rSmart Java Developer. Full of code examples, solutions, best practices, et al.

Thursday, July 26, 2012

How I Set Up My KFS Instance Built from Archetype

This is related to KFS Maven Overlays Made Easy. I didn't give details on how I configured my environment because I felt that's really a post in itself. I'm going to show/describe what configuration files I use and how I went about encrypting my passwords.

Encrypting Passwords

Ok. I'm going to break this down into the following:
  • Creating a PEM public key.
  • Adding the private/public keypair to $HOME/kuali/main/dev/rice.keystore
  • Encrypting the password with the public key

1 Create a PEM public key

I don't need to generate a private/public keypair because I'm using my SSH keys for this. Of course, you could generate your own public/private keypairs with openssl. That's fine, but I'm assuming you're like me and you already have an SSH keypair. Now you just need to create a PEM public key because your SSH RSA public key just isn't going to cut it.



The above will create a nice little id_rsa.pem file. That's your PEM public key.

2 Import your RSA Private/Public Keys

For the files necessary refer to my post Decryption/ReEncryption With the DemonstrationGradeEncryptionServiceImpl. Don't let the name fool you. There's a RsaEncryptionServiceImpl.java in there. Even if you don't use it to replace the DemonstrationGradeEncryptionServiceImpl, you can use it to import your Private/Public keys into your rice.keystore.



You can show your keys like this:



3 Now we want to encrypt our password
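
Steps 1 and 3 can be reproduced with stock OpenSSL, along with a check of the PEM marker each file starts with. This is an added example, not the commands from the original post or the code in the gist. It assumes a throwaway key standing in for ~/.ssh/id_rsa, a constructed password, and OpenSSL's default PKCS#1 v1.5 padding with base64 output; the encoding RsaEncryptionServiceImpl expects is not shown on this page, and the keystore import in step 2 is not covered.

```shell
#!/bin/sh
# Added example: throwaway key, constructed password, OpenSSL defaults.
set -eu
umask 077

# Label on a PEM file's first line, e.g. "PUBLIC KEY" or "RSA PRIVATE KEY".
pem_label() {
    sed -n '1s/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Step 1: derive the "BEGIN PUBLIC KEY" (SubjectPublicKeyInfo) PEM
# from an RSA private key in PEM form.
make_public_pem() {    # make_public_pem <private-key> <out.pem>
    openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
}

# Rewrite a private key as unencrypted PKCS#8 so it starts with
# "BEGIN PRIVATE KEY" rather than "BEGIN RSA PRIVATE KEY".
to_pkcs8() {           # to_pkcs8 <private-key> <out.pem>
    openssl pkcs8 -topk8 -nocrypt -in "$1" -out "$2"
}

# Step 3: RSA-encrypt a short secret read from stdin; print one base64 line.
# Assumption: PKCS#1 v1.5 padding (pkeyutl default), so at most 245 bytes
# of plaintext with a 2048-bit key.
encrypt_secret() {     # encrypt_secret <public.pem>
    openssl pkeyutl -encrypt -pubin -inkey "$1" | openssl base64 -A
}

# Inverse of encrypt_secret, used here only to check the round trip.
decrypt_secret() {     # decrypt_secret <private-key>
    openssl base64 -d -A | openssl pkeyutl -decrypt -inkey "$1"
}

demo() {
    work=$(mktemp -d)
    openssl genrsa -out "$work/id_rsa" 2048 2>/dev/null  # stand-in for ~/.ssh/id_rsa
    make_public_pem "$work/id_rsa" "$work/id_rsa.pem"
    to_pkcs8 "$work/id_rsa" "$work/id_rsa.p8"
    echo "public:  $(pem_label "$work/id_rsa.pem")"
    echo "private: $(pem_label "$work/id_rsa.p8")"
    ct=$(printf '%s' 'constructed-password' | encrypt_secret "$work/id_rsa.pem")
    echo "ciphertext (base64): $ct"
    echo "round trip: $(printf '%s' "$ct" | decrypt_secret "$work/id_rsa.p8")"
    rm -rf "$work"
}
demo
```

The ciphertext differs on every run because the padding is randomized, and it is only as safe as the private key that can decrypt it.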




The Whole Process went like this for me




My Config

This is what my config ended up looking like. Since I'm working on TEM, I have a $HOME/kuali/main/dev/kfs-tem-config.xml



Enjoy

Hope this helps you set up a config that you can now store in your institution's VCS.

3 comments:

  1. Hi Leo,
    Battling to complete Step 2. Do I need to checkout code from some special branch? Where can I find "RsaEncryptionServiceImpl" you are calling? I copied and pasted above class from one of your previous posts but it also failed with some obscure exception: "DerInputStream.getLength(): lengthTag=127, too big"

    1. @Dylan you want to use the service found here https://gist.github.com/raw/3054080/7615e86593cae3c10ad23548539a7113eb9f16b9/RsaEncryptionServiceImpl.java

      After step 1, you should have a public key that looks like:
      -----BEGIN PUBLIC KEY-----
      -----END PUBLIC KEY-----

      Also, make sure when you run step 2 that the id_rsa and id_rsa.pem are in the current working directory. The application requires private and public keys to be inserted into the keystore, so it will look and require both.

  2. Just a note, and I don't know if this is env specific, but my private key starts with "-----BEGIN RSA PRIVATE KEY-----" and not "-----BEGIN PRIVATE KEY-----". That causes the program to skip removal of markers (line 185) and fails the process with some arb exception.
