Feature #51
closed
Encrypt CardDAV Server password
Added by Jörg Ebeling about 3 years ago. Updated about 3 years ago.
100%
Description
For security consideration, it would be better to store the hashed CardDAV Server password, instead of the clear-text one.
Files
| l2cpbg_0.9.4beta4_amd64.deb (8.84 MB) l2cpbg_0.9.4beta4_amd64.deb | Jörg Ebeling, 11/03/2021 09:09 PM | ||
| l2cpbg_0.9.4beta4_linux-amd64.tgz (10.1 MB) l2cpbg_0.9.4beta4_linux-amd64.tgz | Jörg Ebeling, 11/03/2021 09:09 PM | ||
| l2cpbg_0.9.4beta4_windows-64bit.zip (10.2 MB) l2cpbg_0.9.4beta4_windows-64bit.zip | Jörg Ebeling, 11/03/2021 09:09 PM |
Updated by Jörg Ebeling about 3 years ago
- Subject changed from Hashed CardDAV Server password to Encrypt CardDAV Server password
Hashing for sure will not work, but encryption would do.
Updated by Jörg Ebeling about 3 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 50
Updated by Jörg Ebeling about 3 years ago
- File l2cpbg_0.9.4beta4_amd64.deb l2cpbg_0.9.4beta4_amd64.deb added
- File l2cpbg_0.9.4beta4_linux-amd64.tgz l2cpbg_0.9.4beta4_linux-amd64.tgz added
- File l2cpbg_0.9.4beta4_windows-64bit.zip l2cpbg_0.9.4beta4_windows-64bit.zip added
- Status changed from In Progress to Feedback
- % Done changed from 50 to 100
Here's the readme relevant part:
[dav] = WebDav/CardDav server settings¶
...
pass : Related user password. If you don't like to store your CardDAV-Server password in clear-text here, you've also the possibility to use the AES-256 encrypted variant of the password here. Please check l2cpbg's command line option --encryptPassword via l2cpbg --help. If you already stored the encrypted password variant here, you can also check/validate it with command line option --testDavPassword.
Looking forward to any feedback
Updated by Jörg Ebeling about 3 years ago
Hi Michael.
Thanks a lot for your feedback!
Michael Gruth wrote:
great performance, yesterday's request will be fullfilled today.
Quite thanks for the flowers, but for sure it highly depends of my other workload ;-)
Everything was working as described,
Cool!
if you like to optimize it, then you should add the password automaticly into the config file, but just a feature, will work as it is,
For sure, would be more comfortable, but I fear about multiple editors (L2CPBG + User) of one file. In addition it could become tricky to place it to the correct position.
Once the Webfrontend (1.0) is live, functionality like this become quite more comfortable.
but maybe you should add a comment to your readme file that the password needs to be copied into the config file to work.
Good point!!
The readme currently point out:
pass : Related user password. If you don't like to store your CardDAV-Server password in clear-text here, you've also the possibility to use the AES-256 encrypted variant of the password here. Please check l2cpbg's command line option --encryptPassword via l2cpbg --help. If you already stored the encrypted password variant here, you can also check/validate it with command line option --testDavPassword.
I changed the relevant output of command-line option --help now to:
--encryptPassword=<clear text password>
Encrypt the given clear-text-password to get a config sample for
manual copy as [dav] pass="<encrypted password>"
and the output of command-line option --encryptPassword to:
Password encryption succeed. Copy/replace the following within your config:
[dav]
pass="[AES256]..."
Is it clear enough?
Updated by Michael Gruth about 3 years ago
The new readme explanation is quite perfect.
Take care
Michael
Am 04.11.2021 um 14:03 schrieb Jörg Ebeling:
Updated by Jörg Ebeling about 3 years ago
- Status changed from Feedback to Closed