[jpos-users] Change SimpleKeyStore to SecureKeyStore

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[jpos-users] Change SimpleKeyStore to SecureKeyStore

Fabio Arias
Hello everyone, we have a requirement from our client, and we need to change the way we store our ZMK and ZAK keys in our system.

We currently have a ks.cfg file with the keys and we want to see a more secure way to do it as a keystore or something similar.

thanks a lot
--
Fabio Arias
Consultor TI
+57 320 8494130
@fabioariasvera

“No des a tus empleados por sentado. Si no valoras a tu equipo, ellos no valorarán a tus clientes” Richard Branson. 

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAHvqNYi54znXrHeT8igNTrFAx%3D%2Bkfbd3tPa5hWNfEXEF19a8XQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [jpos-users] Change SimpleKeyStore to SecureKeyStore

Alejandro Revilla
You can store it in whatever form you want, you just need to implement `SecureKeyStore`which has a pretty simple interface.

You can use SimpleKeyStore as an example.



On Tue, Dec 13, 2016 at 1:18 PM, Fabio Arias <[hidden email]> wrote:
Hello everyone, we have a requirement from our client, and we need to change the way we store our ZMK and ZAK keys in our system.

We currently have a ks.cfg file with the keys and we want to see a more secure way to do it as a keystore or something similar.

thanks a lot
--
Fabio Arias
Consultor TI
<a href="tel:+57%20320%208494130" value="+573208494130" target="_blank">+57 320 8494130
@fabioariasvera

“No des a tus empleados por sentado. Si no valoras a tu equipo, ellos no valorarán a tus clientes” Richard Branson. 

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAHvqNYi54znXrHeT8igNTrFAx%3D%2Bkfbd3tPa5hWNfEXEF19a8XQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAAgSK%3D%3DbZLAwfMNYwk1VCG2M4YCdpVPp1R-g9dJRP%2B7F2jME-g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [jpos-users] Change SimpleKeyStore to SecureKeyStore

Victor Salaman-Medina
In reply to this post by Fabio Arias
Hi:

The keys you store in ks.cfg should already be encrypted by either a HSM or some other means. 

What are you trying to achieve?

/V

On Tue, Dec 13, 2016 at 11:18 AM, Fabio Arias <[hidden email]> wrote:
Hello everyone, we have a requirement from our client, and we need to change the way we store our ZMK and ZAK keys in our system.

We currently have a ks.cfg file with the keys and we want to see a more secure way to do it as a keystore or something similar.

thanks a lot
--
Fabio Arias
Consultor TI
<a href="tel:+57%20320%208494130" value="+573208494130" target="_blank">+57 320 8494130
@fabioariasvera

“No des a tus empleados por sentado. Si no valoras a tu equipo, ellos no valorarán a tus clientes” Richard Branson. 

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAHvqNYi54znXrHeT8igNTrFAx%3D%2Bkfbd3tPa5hWNfEXEF19a8XQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CALK1Syx6KTw81ZNx498uMSo1hZuJg%2BLBc6%2B82qV%3Dp%3D7f5aYT0Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [jpos-users] Change SimpleKeyStore to SecureKeyStore

Alejandro Revilla
While they are encrypted, most auditors cry because they can see it with a 'cat' (actually with a TYPE). If you put it in a .jks file, it's still there, but just because they don't know how to see it they are fine with it.

"Ojos que no ven, corazón que no siente" :)





On Tue, Dec 13, 2016 at 2:23 PM, Victor Salaman <[hidden email]> wrote:
Hi:

The keys you store in ks.cfg should already be encrypted by either a HSM or some other means. 

What are you trying to achieve?

/V

On Tue, Dec 13, 2016 at 11:18 AM, Fabio Arias <[hidden email]> wrote:
Hello everyone, we have a requirement from our client, and we need to change the way we store our ZMK and ZAK keys in our system.

We currently have a ks.cfg file with the keys and we want to see a more secure way to do it as a keystore or something similar.

thanks a lot
--
Fabio Arias
Consultor TI
<a href="tel:+57%20320%208494130" value="+573208494130" target="_blank">+57 320 8494130
@fabioariasvera

“No des a tus empleados por sentado. Si no valoras a tu equipo, ellos no valorarán a tus clientes” Richard Branson. 

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAHvqNYi54znXrHeT8igNTrFAx%3D%2Bkfbd3tPa5hWNfEXEF19a8XQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CALK1Syx6KTw81ZNx498uMSo1hZuJg%2BLBc6%2B82qV%3Dp%3D7f5aYT0Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAAgSK%3Dm2b%3DF2BpHicdMDkeWRhTnWOLuWXnjHzow7v0KWSnjvQw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [jpos-users] Change SimpleKeyStore to SecureKeyStore

Victor Salaman-Medina
That's why I put them in a database, with ACLs, and column-level permissions :)

/V

On Tue, Dec 13, 2016 at 12:30 PM, Alejandro Revilla <[hidden email]> wrote:
While they are encrypted, most auditors cry because they can see it with a 'cat' (actually with a TYPE). If you put it in a .jks file, it's still there, but just because they don't know how to see it they are fine with it.

"Ojos que no ven, corazón que no siente" :)





On Tue, Dec 13, 2016 at 2:23 PM, Victor Salaman <[hidden email]> wrote:
Hi:

The keys you store in ks.cfg should already be encrypted by either a HSM or some other means. 

What are you trying to achieve?

/V

On Tue, Dec 13, 2016 at 11:18 AM, Fabio Arias <[hidden email]> wrote:
Hello everyone, we have a requirement from our client, and we need to change the way we store our ZMK and ZAK keys in our system.

We currently have a ks.cfg file with the keys and we want to see a more secure way to do it as a keystore or something similar.

thanks a lot
--
Fabio Arias
Consultor TI
<a href="tel:+57%20320%208494130" value="+573208494130" target="_blank">+57 320 8494130
@fabioariasvera

“No des a tus empleados por sentado. Si no valoras a tu equipo, ellos no valorarán a tus clientes” Richard Branson. 

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAHvqNYi54znXrHeT8igNTrFAx%3D%2Bkfbd3tPa5hWNfEXEF19a8XQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CALK1Syx6KTw81ZNx498uMSo1hZuJg%2BLBc6%2B82qV%3Dp%3D7f5aYT0Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAAgSK%3Dm2b%3DF2BpHicdMDkeWRhTnWOLuWXnjHzow7v0KWSnjvQw%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CALK1SywOJ_fp-rHQ_%3Do-7NQEkBXAvDtuPN2Q94y3%2BCd_bTOW5A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [jpos-users] Change SimpleKeyStore to SecureKeyStore

Fabio Arias
In reply to this post by Alejandro Revilla
Alejandro, how can i make it, its the problem we have, the auditor say they dont want to see the file content, just  i need something that they accept. 

Victor, but if we have in database today i dont know how i do that!, i need something really easy to do.

 

El mar., 13 de dic. de 2016 a la(s) 10:31, Alejandro Revilla <[hidden email]> escribió:
While they are encrypted, most auditors cry because they can see it with a 'cat' (actually with a TYPE). If you put it in a .jks file, it's still there, but just because they don't know how to see it they are fine with it.

"Ojos que no ven, corazón que no siente" :)




On Tue, Dec 13, 2016 at 2:23 PM, Victor Salaman <[hidden email]> wrote:
Hi:

The keys you store in ks.cfg should already be encrypted by either a HSM or some other means. 

What are you trying to achieve?

/V

On Tue, Dec 13, 2016 at 11:18 AM, Fabio Arias <[hidden email]> wrote:
Hello everyone, we have a requirement from our client, and we need to change the way we store our ZMK and ZAK keys in our system.

We currently have a ks.cfg file with the keys and we want to see a more secure way to do it as a keystore or something similar.

thanks a lot
--
Fabio Arias
Consultor TI
<a href="tel:+57%20320%208494130" value="+573208494130" class="gmail_msg" target="_blank">+57 320 8494130
@fabioariasvera

“No des a tus empleados por sentado. Si no valoras a tu equipo, ellos no valorarán a tus clientes” Richard Branson. 

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAHvqNYi54znXrHeT8igNTrFAx%3D%2Bkfbd3tPa5hWNfEXEF19a8XQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CALK1Syx6KTw81ZNx498uMSo1hZuJg%2BLBc6%2B82qV%3Dp%3D7f5aYT0Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAAgSK%3Dm2b%3DF2BpHicdMDkeWRhTnWOLuWXnjHzow7v0KWSnjvQw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
--
Fabio Arias
Consultor TI
+57 320 8494130
@fabioariasvera

“No des a tus empleados por sentado. Si no valoras a tu equipo, ellos no valorarán a tus clientes” Richard Branson. 

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAHvqNYjkK6vJRbaZ6moe7uLFC55tnxUfKAmEn3bhWoA19i3K1Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [jpos-users] Change SimpleKeyStore to SecureKeyStore

Alejandro Revilla
Fabio,

What your auditor sees are not actually the keys. Those are the keys encrypted under the jPOS Local Master Keys, so it's kinda safe to see.

You can also add operating system level audit controls so that an alert is generated whenever that file is opened.




On Tue, Dec 13, 2016 at 2:35 PM, Fabio Arias <[hidden email]> wrote:
Alejandro, how can i make it, its the problem we have, the auditor say they dont want to see the file content, just  i need something that they accept. 

Victor, but if we have in database today i dont know how i do that!, i need something really easy to do.

 

El mar., 13 de dic. de 2016 a la(s) 10:31, Alejandro Revilla <[hidden email]> escribió:
While they are encrypted, most auditors cry because they can see it with a 'cat' (actually with a TYPE). If you put it in a .jks file, it's still there, but just because they don't know how to see it they are fine with it.

"Ojos que no ven, corazón que no siente" :)




On Tue, Dec 13, 2016 at 2:23 PM, Victor Salaman <[hidden email]> wrote:
Hi:

The keys you store in ks.cfg should already be encrypted by either a HSM or some other means. 

What are you trying to achieve?

/V

On Tue, Dec 13, 2016 at 11:18 AM, Fabio Arias <[hidden email]> wrote:
Hello everyone, we have a requirement from our client, and we need to change the way we store our ZMK and ZAK keys in our system.

We currently have a ks.cfg file with the keys and we want to see a more secure way to do it as a keystore or something similar.

thanks a lot
--
Fabio Arias
Consultor TI
<a href="tel:+57%20320%208494130" value="+573208494130" class="m_-239538572290354909gmail_msg" target="_blank">+57 320 8494130
@fabioariasvera

“No des a tus empleados por sentado. Si no valoras a tu equipo, ellos no valorarán a tus clientes” Richard Branson. 

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAHvqNYi54znXrHeT8igNTrFAx%3D%2Bkfbd3tPa5hWNfEXEF19a8XQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CALK1Syx6KTw81ZNx498uMSo1hZuJg%2BLBc6%2B82qV%3Dp%3D7f5aYT0Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAAgSK%3Dm2b%3DF2BpHicdMDkeWRhTnWOLuWXnjHzow7v0KWSnjvQw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
--
Fabio Arias
Consultor TI
<a href="tel:+57%20320%208494130" value="+573208494130" target="_blank">+57 320 8494130
@fabioariasvera

“No des a tus empleados por sentado. Si no valoras a tu equipo, ellos no valorarán a tus clientes” Richard Branson. 

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAHvqNYjkK6vJRbaZ6moe7uLFC55tnxUfKAmEn3bhWoA19i3K1Q%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAAgSK%3DnLxjK1b1D02To8SNvvcpCMmR%3DfeKN0DdQZn34Df56ODQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [jpos-users] Change SimpleKeyStore to SecureKeyStore

Fabio Arias
Good Day Everyone, i told my client about the file and i waiting a respond for their, i got one new question, whats is the KEY the bank share with us.



El mar., 13 de dic. de 2016 a la(s) 10:40, Alejandro Revilla <[hidden email]> escribió:
Fabio,

What your auditor sees are not actually the keys. Those are the keys encrypted under the jPOS Local Master Keys, so it's kinda safe to see.

You can also add operating system level audit controls so that an alert is generated whenever that file is opened.




On Tue, Dec 13, 2016 at 2:35 PM, Fabio Arias <[hidden email]> wrote:
Alejandro, how can i make it, its the problem we have, the auditor say they dont want to see the file content, just  i need something that they accept. 

Victor, but if we have in database today i dont know how i do that!, i need something really easy to do.

 

El mar., 13 de dic. de 2016 a la(s) 10:31, Alejandro Revilla <[hidden email]> escribió:
While they are encrypted, most auditors cry because they can see it with a 'cat' (actually with a TYPE). If you put it in a .jks file, it's still there, but just because they don't know how to see it they are fine with it.

"Ojos que no ven, corazón que no siente" :)




On Tue, Dec 13, 2016 at 2:23 PM, Victor Salaman <[hidden email]> wrote:
Hi:

The keys you store in ks.cfg should already be encrypted by either a HSM or some other means. 

What are you trying to achieve?

/V

On Tue, Dec 13, 2016 at 11:18 AM, Fabio Arias <[hidden email]> wrote:
Hello everyone, we have a requirement from our client, and we need to change the way we store our ZMK and ZAK keys in our system.

We currently have a ks.cfg file with the keys and we want to see a more secure way to do it as a keystore or something similar.

thanks a lot
--
Fabio Arias
Consultor TI
<a href="tel:+57%20320%208494130" value="+573208494130" class="m_-3197477217537490470m_-239538572290354909gmail_msg gmail_msg" target="_blank">+57 320 8494130
@fabioariasvera

“No des a tus empleados por sentado. Si no valoras a tu equipo, ellos no valorarán a tus clientes” Richard Branson. 

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAHvqNYi54znXrHeT8igNTrFAx%3D%2Bkfbd3tPa5hWNfEXEF19a8XQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CALK1Syx6KTw81ZNx498uMSo1hZuJg%2BLBc6%2B82qV%3Dp%3D7f5aYT0Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAAgSK%3Dm2b%3DF2BpHicdMDkeWRhTnWOLuWXnjHzow7v0KWSnjvQw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
--
Fabio Arias
Consultor TI
<a href="tel:+57%20320%208494130" value="+573208494130" class="gmail_msg" target="_blank">+57 320 8494130
@fabioariasvera

“No des a tus empleados por sentado. Si no valoras a tu equipo, ellos no valorarán a tus clientes” Richard Branson. 

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].

For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAAgSK%3DnLxjK1b1D02To8SNvvcpCMmR%3DfeKN0DdQZn34Df56ODQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
--
Fabio Arias
Consultor TI
+57 320 8494130
@fabioariasvera

“No des a tus empleados por sentado. Si no valoras a tu equipo, ellos no valorarán a tus clientes” Richard Branson. 

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAHvqNYhd2RF_6%2BdSsYDGdAq13z8nJuVQS0%2BvTGr__45K2VwFrQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [jpos-users] Change SimpleKeyStore to SecureKeyStore

Victor Salaman-Medina
Zone master key... Usually shared in component form.

Sent from my iPhone

On Dec 19, 2016, at 2:25 PM, Fabio Arias <[hidden email]> wrote:

Good Day Everyone, i told my client about the file and i waiting a respond for their, i got one new question, whats is the KEY the bank share with us.



El mar., 13 de dic. de 2016 a la(s) 10:40, Alejandro Revilla <[hidden email]> escribió:
Fabio,

What your auditor sees are not actually the keys. Those are the keys encrypted under the jPOS Local Master Keys, so it's kinda safe to see.

You can also add operating system level audit controls so that an alert is generated whenever that file is opened.




On Tue, Dec 13, 2016 at 2:35 PM, Fabio Arias <[hidden email]> wrote:
Alejandro, how can i make it, its the problem we have, the auditor say they dont want to see the file content, just  i need something that they accept. 

Victor, but if we have in database today i dont know how i do that!, i need something really easy to do.

 

El mar., 13 de dic. de 2016 a la(s) 10:31, Alejandro Revilla <[hidden email]> escribió:
While they are encrypted, most auditors cry because they can see it with a 'cat' (actually with a TYPE). If you put it in a .jks file, it's still there, but just because they don't know how to see it they are fine with it.

"Ojos que no ven, corazón que no siente" :)




On Tue, Dec 13, 2016 at 2:23 PM, Victor Salaman <[hidden email]> wrote:
Hi:

The keys you store in ks.cfg should already be encrypted by either a HSM or some other means. 

What are you trying to achieve?

/V

On Tue, Dec 13, 2016 at 11:18 AM, Fabio Arias <[hidden email]> wrote:
Hello everyone, we have a requirement from our client, and we need to change the way we store our ZMK and ZAK keys in our system.

We currently have a ks.cfg file with the keys and we want to see a more secure way to do it as a keystore or something similar.

thanks a lot
--
Fabio Arias
Consultor TI
<a href="tel:+57%20320%208494130" value="+573208494130" class="m_-3197477217537490470m_-239538572290354909gmail_msg gmail_msg" target="_blank">+57 320 8494130
@fabioariasvera

“No des a tus empleados por sentado. Si no valoras a tu equipo, ellos no valorarán a tus clientes” Richard Branson. 

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAHvqNYi54znXrHeT8igNTrFAx%3D%2Bkfbd3tPa5hWNfEXEF19a8XQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CALK1Syx6KTw81ZNx498uMSo1hZuJg%2BLBc6%2B82qV%3Dp%3D7f5aYT0Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAAgSK%3Dm2b%3DF2BpHicdMDkeWRhTnWOLuWXnjHzow7v0KWSnjvQw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
--
Fabio Arias
Consultor TI
<a href="tel:+57%20320%208494130" value="+573208494130" class="gmail_msg" target="_blank">+57 320 8494130
@fabioariasvera

“No des a tus empleados por sentado. Si no valoras a tu equipo, ellos no valorarán a tus clientes” Richard Branson. 

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].

For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAAgSK%3DnLxjK1b1D02To8SNvvcpCMmR%3DfeKN0DdQZn34Df56ODQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
--
Fabio Arias
Consultor TI
+57 320 8494130
@fabioariasvera

“No des a tus empleados por sentado. Si no valoras a tu equipo, ellos no valorarán a tus clientes” Richard Branson. 

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAHvqNYhd2RF_6%2BdSsYDGdAq13z8nJuVQS0%2BvTGr__45K2VwFrQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/C928A9AF-6C6C-46C0-937B-DE43C3DF8BD5%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [jpos-users] Change SimpleKeyStore to SecureKeyStore

Fabio Arias
Thanks Victor

El lun., 19 de dic. de 2016 a la(s) 12:39, Victor Salaman <[hidden email]> escribió:
Zone master key... Usually shared in component form.

Sent from my iPhone

On Dec 19, 2016, at 2:25 PM, Fabio Arias <[hidden email]> wrote:

Good Day Everyone, i told my client about the file and i waiting a respond for their, i got one new question, whats is the KEY the bank share with us.



El mar., 13 de dic. de 2016 a la(s) 10:40, Alejandro Revilla <[hidden email]> escribió:
Fabio,

What your auditor sees are not actually the keys. Those are the keys encrypted under the jPOS Local Master Keys, so it's kinda safe to see.

You can also add operating system level audit controls so that an alert is generated whenever that file is opened.




On Tue, Dec 13, 2016 at 2:35 PM, Fabio Arias <[hidden email]> wrote:
Alejandro, how can i make it, its the problem we have, the auditor say they dont want to see the file content, just  i need something that they accept. 

Victor, but if we have in database today i dont know how i do that!, i need something really easy to do.

 

El mar., 13 de dic. de 2016 a la(s) 10:31, Alejandro Revilla <[hidden email]> escribió:
While they are encrypted, most auditors cry because they can see it with a 'cat' (actually with a TYPE). If you put it in a .jks file, it's still there, but just because they don't know how to see it they are fine with it.

"Ojos que no ven, corazón que no siente" :)




On Tue, Dec 13, 2016 at 2:23 PM, Victor Salaman <[hidden email]> wrote:
Hi:

The keys you store in ks.cfg should already be encrypted by either a HSM or some other means. 

What are you trying to achieve?

/V

On Tue, Dec 13, 2016 at 11:18 AM, Fabio Arias <[hidden email]> wrote:
Hello everyone, we have a requirement from our client, and we need to change the way we store our ZMK and ZAK keys in our system.

We currently have a ks.cfg file with the keys and we want to see a more secure way to do it as a keystore or something similar.

thanks a lot
--
Fabio Arias
Consultor TI
<a href="tel:+57%20320%208494130" value="+573208494130" class="m_8358443660150396308m_-3197477217537490470m_-239538572290354909gmail_msg gmail_msg" target="_blank">+57 320 8494130
@fabioariasvera

“No des a tus empleados por sentado. Si no valoras a tu equipo, ellos no valorarán a tus clientes” Richard Branson. 

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAHvqNYi54znXrHeT8igNTrFAx%3D%2Bkfbd3tPa5hWNfEXEF19a8XQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CALK1Syx6KTw81ZNx498uMSo1hZuJg%2BLBc6%2B82qV%3Dp%3D7f5aYT0Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAAgSK%3Dm2b%3DF2BpHicdMDkeWRhTnWOLuWXnjHzow7v0KWSnjvQw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
--
Fabio Arias
Consultor TI
<a href="tel:+57%20320%208494130" value="+573208494130" class="gmail_msg" target="_blank">+57 320 8494130
@fabioariasvera

“No des a tus empleados por sentado. Si no valoras a tu equipo, ellos no valorarán a tus clientes” Richard Branson. 

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].

For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAAgSK%3DnLxjK1b1D02To8SNvvcpCMmR%3DfeKN0DdQZn34Df56ODQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
--
Fabio Arias
Consultor TI
<a href="tel:320%208494130" value="+573208494130" class="gmail_msg" target="_blank">+57 320 8494130
@fabioariasvera

“No des a tus empleados por sentado. Si no valoras a tu equipo, ellos no valorarán a tus clientes” Richard Branson. 

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].

For more options, visit https://groups.google.com/d/optout.

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/C928A9AF-6C6C-46C0-937B-DE43C3DF8BD5%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
--
Fabio Arias
Consultor TI
+57 320 8494130
@fabioariasvera

“No des a tus empleados por sentado. Si no valoras a tu equipo, ellos no valorarán a tus clientes” Richard Branson. 

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: [hidden email]
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAHvqNYhLnpLB-YDJHX_kyCEMp4N2f1TAcYj-N%3DYhuMkZdotpUQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Loading...