PageViews: 42,633 hits / 329 nets |
home | updates | download | manual | documents | feedback | search | ITS more |
|
ENCRYPTED CONFIGURATION
The Passphrase will be used by SSL library for decryption of the private-key, which might be bundled in a file together with a certificate, like this for example:
Another passphrase is for getting encrypted configuration parameters specified as "+=conf.cdh". The passphrase to decrypt such data is given as the password of a special user named "config" in a special domain, as this:
The suffix ".cdh" means that the data is encrypted with "Credhy" algorithm. A file can be encrypted and decrypted with -Fcredhy as follows:
An encrypted configuration file can be used as follows:
When a configuration file is loaded from a remote server,
it is strongly recommended to use the encryption.
As shown in the examples, those special user names to hold passphrases
are in the special domain "-dgauth@admin" [DGAuth].
The storage for passwords in DGAuth are encrypted with a passphrase,
or MasterKey.
It can be specified as this:
If the MasterKey is not specified with a CRYPT parameter for a DeleGate which requires it, then it will be asked interactively. When restarting DeleGate with "-r" or SIGHUP, or restarting in short time after termination, or possibly after rebooting the host machine, the MasterKey is automatically saved and reused without the interaction.