  1. Sakai
  2. SAK-40954

Encrypt LTI Advantage private keys in the database

    Details

    • 19 status:
      Resolved
    • Test Plan:

      Pretty simple once you know how to set up LTI 1.3.

      First start Sakai without basiclti.encryption.key and make an LTI 1.3 tool. Check the newly created lti_tools table entry to make sure the 'lti13_platform_private' and 'lti13_tool_private' fields do start with 'BEGIN PRIVATE KEY'.

      Then stop Sakai and restart it with:

      basiclti.encryption.key=12345 (or any other key)

      in sakai.properties.

      Edit the LTI 1.3 key you saw in the previous step. The two private key fields should start with 'BEGIN PRIVATE KEY'. When you save the key, the database entry in lti_tools should be encrypted. It should not start with 'BEGIN PRIVATE KEY' and must end with 'AES/CBC/PKCS5Padding'. Edit the key one more time and you should again see 'BEGIN PRIVATE KEY' in the UI for both keys - do not change the keys but save the record and after saving again, the lti_tools entries should be encrypted. Edit a third time and verify again.

      Then view the key and reveal the tool private key and make sure it starts with "BEGIN PRIVATE...".

      Create a new LTI 1.3 key then check the lti_tools table entry to make sure the 'lti13_platform_private' and 'lti13_tool_private' fields do not start with 'BEGIN PRIVATE KEY' and must end with 'AES/CBC/PKCS5Padding'. Go into edit and you should see the unencrypted keys - press Save and they should still be encrypted in the database. Then use the "View mode" and reveal the private key and it should be unencrypted.

      If this is a real key you should make sure that launches work (i.e. the platform private key is properly decrypted prior to launch).
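
The database checks in this test plan can be scripted. The following is an added example, not part of the Sakai issue or code base: it classifies the two private-key columns by the markers the plan names and lists rows that still hold plaintext keys. The in-memory SQLite table, its `id` column and the sample values are constructed assumptions; point `audit()` at a real connection to use it.

```python
import sqlite3

PEM_MARKER = "BEGIN PRIVATE KEY"       # marker named in the test plan
ENC_SUFFIX = "AES/CBC/PKCS5Padding"    # suffix named in the test plan
KEY_COLUMNS = ("lti13_platform_private", "lti13_tool_private")

def classify(value):
    """Return 'empty', 'plaintext', 'encrypted' or 'unknown' for one stored field."""
    if value is None or not value.strip():
        return "empty"
    text = value.strip()
    # A PEM header reads '-----BEGIN PRIVATE KEY-----', so look in the first line only.
    if PEM_MARKER in text.splitlines()[0]:
        return "plaintext"
    if text.endswith(ENC_SUFFIX):
        return "encrypted"
    return "unknown"

def audit(conn):
    """Map (row id, column name) -> state for every lti_tools row."""
    cols = ", ".join(KEY_COLUMNS)
    results = {}
    for row in conn.execute(f"SELECT id, {cols} FROM lti_tools ORDER BY id"):
        for col, value in zip(KEY_COLUMNS, row[1:]):
            results[(row[0], col)] = classify(value)
    return results

def plaintext_rows(conn):
    """Row ids where at least one private key is still stored unencrypted."""
    return sorted({rid for (rid, _), s in audit(conn).items() if s == "plaintext"})

def sample_db():
    """Constructed stand-in for lti_tools (assumed 'id' primary key, fake values)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE lti_tools (id INTEGER PRIMARY KEY, "
                 "lti13_platform_private TEXT, lti13_tool_private TEXT)")
    pem = "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----"
    enc = "CONSTRUCTEDCIPHERTEXT:" + ENC_SUFFIX
    conn.executemany("INSERT INTO lti_tools VALUES (?, ?, ?)", [
        (1, pem, pem),   # created before basiclti.encryption.key was set
        (2, enc, enc),   # saved after the key was set
        (3, enc, pem),   # one field left in plaintext
        (4, None, ""),   # tool without LTI 1.3 keys
    ])
    return conn

if __name__ == "__main__":
    db = sample_db()
    for (rid, col), state in audit(db).items():
        print(rid, col, state)
    print("rows still holding plaintext keys:", plaintext_rows(db))
```

Rows reported as plaintext after basiclti.encryption.key is set are the ones that have not yet been edited and saved, which is the transition the test plan walks through.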


      Description

      This will encrypt the platform and tool private keys in the database.

                People

                • Assignee:
                  csev Charles Severance
                  Reporter:
                  csev Charles Severance