| home | updates | download | manual | documents | feedback | search | ITS more |
|
ENCRYPTED CONFIGURATION
-
Configuration data can be in encrypted format which requires a passphrase
to decrypt it. Such a passphrase is specified as the password
for a special user, "sslway" and "config",
representing the kind of configuration.
The passphrase to decrypt the private-key for SSL is given as the password of a special user named "sslway" in a special domain, as this:
-
delegated -Fauth -a sslway:Passphrase -dgauth@admin
The Passphrase will be used by SSL library for decryption of the private-key, which might be bundled in a file together with a certificate, like this for example:
Another passphrase is for getting encrypted configuration parameters specified as "+=conf.cdh". The passphrase to decrypt such data is given as the password of a special user named "config" in a special domain, as this:
-
delegated -Fauth -a config:Passphrase -dgauth@admin
The suffix ".cdh" means that the data is encrypted with "Credhy" algorithm. A file can be encrypted and decrypted with -Fcredhy as follows:
-
delegated -Fcredhy Passphrase < conf > conf.cdh
delegated -Fcredhy Passphrase -d < conf.cdh > conf
An encrypted configuration file can be used as follows:
-
delegated +=conf.cdh
delegated +=http://server/path/conf.cdh
When a configuration file is loaded from a remote server,
it is strongly recommended to use the encryption.
As shown in the examples, those special user names to hold passphrases
are in the special domain "-dgauth@admin" [DGAuth].
The storage for passwords in DGAuth are encrypted with a passphrase,
or MasterKey.
It can be specified as this:
-
CRYPT=pass:MasterKey
If the MasterKey is not specified with a CRYPT parameter for a DeleGate which requires it, then it will be asked interactively. When restarting DeleGate with "-r" or SIGHUP, or restarting in short time after termination, or possibly after rebooting the host machine, the MasterKey is automatically saved and reused without the interaction.