Bug #3812
closedChange logic in GroupManger.getGroupKey() to avoid regenerate group key pairs every time.
100%
Description
Each time GroupManager.getGroupKey is called, the group's E-key and all of its current members' D-keys are regenerated.
Updated by Zhiyi Zhang about 8 years ago
- Status changed from New to Code review
- % Done changed from 0 to 80
Updated by Zhiyi Zhang about 8 years ago
Seems there is no one reviewing the code. Wonder who can do this?
Updated by Zhiyi Zhang about 8 years ago
- Status changed from Code review to Closed
- % Done changed from 80 to 100
Updated by Anonymous about 8 years ago
This change stores the unencrypted private key in the Sqlite file. Have you thought about the security risks of this? Did you consider if it would it be better to keep the private key in memory between calls to getGroupKey?
https://github.com/named-data/ndn-group-encrypt/blob/master/src/group-manager-db.cpp#L342
Updated by Zhiyi Zhang about 8 years ago
Jeff Thompson wrote:
This change stores the unencrypted private key in the Sqlite file. Have you thought about the security risks of this? Did you consider if it would it be better to keep the private key in memory between calls to getGroupKey?
https://github.com/named-data/ndn-group-encrypt/blob/master/src/group-manager-db.cpp#L342
Yes, there could be a security problem, I will try to figure it out.
Updated by Anonymous over 7 years ago
- Status changed from Closed to Feedback
Status changed to Feedback while reviewing the security concern for storing raw private keys.
Updated by Zhehao Wang over 7 years ago
Zhiyi Zhang wrote:
Yes, there could be a security problem, I will try to figure it out.
@Zhiyi I wonder if there are any updates to this?
(This update in CCL would be helpful for the current NDNFit application.)
Updated by Zhiyi Zhang over 7 years ago
Zhehao Wang wrote:
Zhiyi Zhang wrote:
Yes, there could be a security problem, I will try to figure it out.
@Zhiyi I wonder if there are any updates to this?
(This update in CCL would be helpful for the current NDNFit application.)
Updated by Anonymous over 7 years ago
I see a commit to GitHub. Is this issue resolved?
Updated by Anonymous over 7 years ago
In group-manager-db.hpp, cleanEKeys is private but nothing calls it. Maybe it should be public so that the application cal call it periodically?
https://github.com/named-data/name-bases-access-control/blob/67f90aa6610bf936d87712c6992c4727d7f5d9b8/src/group-manager-db.hpp#L195
Updated by Alex Afanasyev over 6 years ago
- Status changed from Feedback to Abandoned