It is now possible to implement custom solutions for retrieving the advanced encryption master key from an arbitrary library. This feature eases the way the developers can customize the master key prompt.
The new ctsrvr.cfg configuration keyword, MASTER_KEY_LIB, takes a string defining the complete library name to load, for example:
MASTER_KEY_LIB maskeylib.dll
or
MASTER_KEY_LIB libmaskey.so
The master key library must link with the OpenSSL libraries that are used to secure the master key exchange and implement the following functions:
Both functions are called by the server code in ctcryp.c. If the version does not match or ctGetSecret returns something different than 0, the master key will not be loaded and the server will be shut down.
To correctly return the encrypted master key, the following must be called to encrypt the master key before returning 0 in ctGetSecret:
int ctSecureMasterKey(ctSecureMasterKeyParams_t *SecureMasterKeyParams)
FairCom Server now supports the ability to check if a client-provided master encryption password matches FairCom Server's current master encryption password. The use case for this feature is an elevated level of access beyond ADMIN authentication. Knowing the master encryption password implies the calling user has elevated privileges.
The server is assumed already started with a valid master key. A new SECURITY() API mode makes this check against the current master key.