Private key password Encryption - Add ability to change password about tessera HOT 5 CLOSED

Requirements:
Private keys that are protected with a password should be able to have that password changed.

Outstanding questions:

• What command line parameters to use for specifying a password change?
• Should this operation update the configuration and then autostart the application, like the new key generation does?

from tessera.

Answers to above questions:

a)
Use separate CLI options that specify:

1. The private key file to modify (inline changes will not be supported currently)
2. Provide the old password (if the key was locked) either directly or in a file
3. Provide argon options for that override the defaults

--key.pwdupdate.keyfile <filepath> [ --key.pwdupdate.old <oldpass> | --key.pwdupdate.pwdfile <passwordFile> ] [--key.pwdupdate.argon <iterations> <memory> <parallelism> ]

b)
This operation should overwrite the old key file as the only destructive operation. Updating the configuration with the new password (either the inline password list or the password file) is to be left to the end user.

from tessera.

The update part can be a single flag and the same options can be used .

--update-passwords or whatever the action is.. 

from tessera.

Using:

--keys.passwordFile
--keys.passwords
--keys.keyData.privateKeyPath
--keys.keyData.config.data.aopts.algorithm
--keys.keyData.config.data.aopts.iterations
--keys.keyData.config.data.aopts.memory
--keys.keyData.config.data.aopts.parallelism

Although they are longer and potentially less clear, they are already defined properties that can be interpreted in the context of updating passwords (instead of the normal case of overriding the configuration file).

from tessera.

Implemented and the wiki updated.

from tessera.