Feature #51

closed

Encrypt CardDAV Server password

Added by Jörg Ebeling over 2 years ago. Updated over 2 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Start date: 11/02/2021
Due date:
% Done: 100%
Estimated time:

Description

For security reasons, it would be better to store the hashed CardDAV Server password instead of the clear-text one.


Files

l2cpbg_0.9.4beta4_amd64.deb (8.84 MB), Jörg Ebeling, 11/03/2021 09:09 PM
l2cpbg_0.9.4beta4_linux-amd64.tgz (10.1 MB), Jörg Ebeling, 11/03/2021 09:09 PM
l2cpbg_0.9.4beta4_windows-64bit.zip (10.2 MB), Jörg Ebeling, 11/03/2021 09:09 PM

Actions #1

Updated by Jörg Ebeling over 2 years ago

  • Subject changed from Hashed CardDAV Server password to Encrypt CardDAV Server password

Hashing for sure will not work, but encryption would do.

Actions #2

Updated by Jörg Ebeling over 2 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 50

Updated by Jörg Ebeling over 2 years ago

Here's the relevant part of the readme:

[dav] = WebDav/CardDav server settings

...

pass : Related user password. If you don't like to store your CardDAV-Server password in clear-text here, you've also the possibility to use the AES-256 encrypted variant of the password here. Please check l2cpbg's command line option --encryptPassword via l2cpbg --help. If you already stored the encrypted password variant here, you can also check/validate it with command line option --testDavPassword.

Looking forward to any feedback

Actions #4

Updated by Jörg Ebeling over 2 years ago

Hi Michael.

Thanks a lot for your feedback!

Michael Gruth wrote:

> great performance, yesterday's request will be fulfilled today.

Many thanks for the flowers, but for sure it highly depends on my other workload ;-)

> Everything was working as described,

Cool!

> if you like to optimize it, then you should add the password automatically into the config file, but just a feature, will work as it is,

For sure, that would be more comfortable, but I worry about multiple editors (L2CPBG + user) of one file. In addition, it could become tricky to place it at the correct position.
Once the Webfrontend (1.0) is live, functionality like this becomes much more comfortable.

> but maybe you should add a comment to your readme file that the password needs to be copied into the config file to work.

Good point!!
The readme currently points out:

pass : Related user password. If you don't like to store your CardDAV-Server password in clear-text here, you've also the possibility to use the AES-256 encrypted variant of the password here. Please check l2cpbg's command line option --encryptPassword via l2cpbg --help. If you already stored the encrypted password variant here, you can also check/validate it with command line option --testDavPassword.

I changed the relevant output of command-line option --help now to:

--encryptPassword=<clear text password>
        Encrypt the given clear-text-password to get a config sample for
        manual copy as [dav] pass="<encrypted password>"

and the output of command-line option --encryptPassword to:

Password encryption succeed. Copy/replace the following within your config:
[dav]
pass="[AES256]..."

Is it clear enough?
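
A sketch of how a `pass` value with the `[AES256]` prefix can be produced and resolved back to the clear-text password that has to be sent to the CardDAV server, which is why a one-way hash cannot be stored here. This is an added example, not l2cpbg's code: AES-256-GCM, the base64 encoding, the caller-supplied key and the names NewAEAD, EncryptPass and ResolvePass are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

// The prefix is from the page; AES-256-GCM, base64 and the key source are assumed.
const prefix = "[AES256]"

func NewAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 { // aes.NewCipher alone would also accept 16 or 24 bytes
		return nil, fmt.Errorf("need a 32-byte key, got %d", len(key))
	}
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	return cipher.NewGCM(block)
}

// EncryptPass returns the value to paste into [dav] pass="...".
func EncryptPass(a cipher.AEAD, pw string) (string, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := a.Seal(nonce, nonce, []byte(pw), nil) // nonce || ciphertext || tag
	return prefix + base64.StdEncoding.EncodeToString(sealed), nil
}

// ResolvePass yields the clear-text password; Open fails on a wrong key or tampering.
func ResolvePass(a cipher.AEAD, cfg string) (string, error) {
	if !strings.HasPrefix(cfg, prefix) {
		return cfg, nil // plain value: used as-is
	}
	raw, err := base64.StdEncoding.DecodeString(cfg[len(prefix):])
	if err != nil || len(raw) < a.NonceSize() {
		return "", fmt.Errorf("malformed %s value", prefix)
	}
	plain, err := a.Open(nil, raw[:a.NonceSize()], raw[a.NonceSize():], nil)
	return string(plain), err
}

func main() {
	a, _ := NewAEAD(make([]byte, 32)) // constructed all-zero demo key
	v, _ := EncryptPass(a, "s3cret")
	fmt.Printf("[dav]\npass=%q\n", v)
}
```

The stored value is only as protected as the key: a key kept next to the config file guards against casual reading of the file, not against someone who can read both.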

Actions #5

Updated by Michael Gruth over 2 years ago

The new readme explanation is quite perfect.

Take care
Michael

On 04.11.2021 at 14:03, Jörg Ebeling wrote:

Actions #6

Updated by Jörg Ebeling over 2 years ago

  • Status changed from Feedback to Closed