[sip-comm] Store passwords in main config file


#1

Hi!

I see, that account parameters are stored in configuration file in lines

net.java.sip.communicator.impl.protocol.sip.acc1292951237792.*

(Are figures here system or instance dependent?)

I wonder: is it possible to keep password here too?

What does parameter

net.java.sip.communicator.impl.protocol.sip.acc1292951237792.ENCRYPTED_PASSWORD

does?

I think it can't be read by SC to login onto service if this is one-way
hash.

My goal is to send password by provisioning mechanism. Since I can control
only configuration file content, hence I need to send password via this
file.

Thank you!

Regards,
   Dmitry Kravchenko


#2

Hey Dmitry,

На 24.12.10 19:56, Dmitry Kravchenko написа:

Hi!

I see, that account parameters are stored in configuration file in lines

net.java.sip.communicator.impl.protocol.sip.acc1292951237792.*

(Are figures here system or instance dependent?)

Neither. They just need to be unique within the file.

I wonder: is it possible to keep password here too?

It is indeed.

What does parameter

net.java.sip.communicator.impl.protocol.sip.acc1292951237792.ENCRYPTED_PASSWORD

does?

Yes, that's exactly where passwords go.

I think it can't be read by SC to login onto service if this is one-way
hash.

My goal is to send password by provisioning mechanism. Since I can
control only configuration file content, hence I need to send password
via this file.

You simply need to send the passwords in plain text (using https is
hence strongly advised). The provisioning module would then encrypt them
using the client key. I've just updated our provisioning manual to
mention this:

http://www.sip-communicator.org/provisioning

(check out the bottom)

Hope this helps,
Emi

···

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: users-help@sip-communicator.dev.java.net


#3

(Sorry, copying to all...)

Thank you for your answer! But some questions remain.

net.java.sip.communicator.impl.protocol.sip.acc1292951237792.*
>
> (Are figures here system or instance dependent?)

Neither. They just need to be unique within the file.

May I send the same figures to all SC clients then?

You simply need to send the passwords in plain text (using https is
hence strongly advised). The provisioning module would then encrypt them

using the client key. I've just updated our provisioning manual to

mention this:

http://www.sip-communicator.org/provisioning

(check out the bottom)

Sorry, didn't understand, in which property should I put unencrypted
password? Should I use
net.java.sip.communicator.impl.protocol.sip.acc1292951237792.ENCRYPTED_PASSWORD?
Just to clarify: I should put unencrypted password into property named
"encrypted"?

Regards,
   Dmitry.

···

On Fri, Dec 24, 2010 at 11:09 PM, Emil Ivov <emcho@sip-communicator.org> wrote:


#4

На 24.12.10 23:12, Dmitry Kravchenko написа:

(Sorry, copying to all...)

Thank you for your answer! But some questions remain.

    > net.java.sip.communicator.impl.protocol.sip.acc1292951237792.*
    >
    > (Are figures here system or instance dependent?)

    Neither. They just need to be unique within the file.

May I send the same figures to all SC clients then?

Yes. They only need to be unique within the properties file.

    You simply need to send the passwords in plain text (using https is
    hence strongly advised). The provisioning module would then encrypt them

    using the client key. I've just updated our provisioning manual to
    mention this:

    http://www.sip-communicator.org/provisioning

    (check out the bottom)

Sorry, didn't understand, in which property should I put unencrypted
password? Should I
use net.java.sip.communicator.impl.protocol.sip.acc1292951237792.ENCRYPTED_PASSWORD?

Yes.

Just to clarify: I should put unencrypted password into property named
"encrypted"?

Yes. There's no way for you to do things otherwise since you wouldn't
know what string the client is using. SIP Communicator would take care
of the actual encryption.

Cheers,
Emil

···

On Fri, Dec 24, 2010 at 11:09 PM, Emil Ivov <emcho@sip-communicator.org > <mailto:emcho@sip-communicator.org>> wrote:

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: users-help@sip-communicator.dev.java.net


#5

Hm... It is strange... First testing step I was started from was just
putting normal configuration file onto provisioning server. Obviously, this
file contained encrypted password - exactly as it was in local version. But
SC was successfully logged into SIP provider. Hence it can distinguish ether
password in provisioning file is encrypted or not, correct?

Btw :slight_smile:

Merry Christmas to all :slight_smile:

Regards,
   Dmitry.

···

On Sat, Dec 25, 2010 at 12:17 AM, Emil Ivov <emcho@sip-communicator.org>wrote:

> Just to clarify: I should put unencrypted password into property named
> "encrypted"?

Yes. There's no way for you to do things otherwise since you wouldn't
know what string the client is using. SIP Communicator would take care
of the actual encryption.


#6

На 24.12.10 23:39, Dmitry Kravchenko написа:

    > Just to clarify: I should put unencrypted password into property named
    > "encrypted"?

    Yes. There's no way for you to do things otherwise since you wouldn't
    know what string the client is using. SIP Communicator would take care
    of the actual encryption.

Hm... It is strange... First testing step I was started from was just
putting normal configuration file onto provisioning server. Obviously,
this file contained encrypted password - exactly as it was in local
version. But SC was successfully logged into SIP provider. Hence it can
distinguish ether password in provisioning file is encrypted or not,
correct?

Oops. Indeed. We only convert passwords that we receive in a PASSWORD
property and assume the ENCRYPTED_PASSWORDS to be already protected. In
other words

net.java.sip...protocol.jabber.acc12911123.PASSWORD=mypassword

would become something like

net.java.sip...protocol.jabber.acc12911123.ENCRYPTED_PASSWORD=x5ElABCKLjzDm

I've updated our provisioning manual accordingly.

Thanks for pointing this out and apologies for the confusion.

Cheers,
Emil

···

On Sat, Dec 25, 2010 at 12:17 AM, Emil Ivov <emcho@sip-communicator.org > <mailto:emcho@sip-communicator.org>> wrote:

Btw :slight_smile:

Merry Christmas to all :slight_smile:

Regards,
   Dmitry.

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
SIP Communicator
emcho@sip-communicator.org PHONE: +33.1.77.62.43.30
http://sip-communicator.org FAX: +33.1.77.62.47.31

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: users-help@sip-communicator.dev.java.net