...
To encrypt the password, execute “java dk.itp.security.utils.PasswordUtils <password>
” replacing <password> with the password to encrypt. You will need PortalProtectAgent.jar in your classpath.
Below is an example of the output when run the first time – here the keys are generated.
Code Block |
---|
Ceptor Password obfuscation and encryption |
...
Obfuscated password: {encoded} |
...
BC817B5B1F2BC934 Generating Tripple DES key and saving it as passwordUtils.3deskey |
...
Generating AES key and saving it as passwordUtils.aeskey |
...
Generating 2048 bit RSA Keypair, and saving the keys as passwordUtils.privatekey and passwordUtils.publickey |
...
3DES encrypted password: {3DES} |
...
EXohj8jIBmU79IQB2biNVA== |
...
AES encrypted password: {AES} |
...
Ld6S9xK7u53UrDbubaUCIw== |
...
RSA encrypted password: {RSA} |
...
Subsequent runs will produce output similar to this:Ceptor Password obfuscation and encryption
...
eqMozuIXv1jsiYez5IyfawrFi6R8WmY8ZAq+PTyJJYCl3F85okFGMNk0oiobGEDCvRoz78At5pZfjaS38o64SU6K1TfmK4LsRNE77T/lOQw67Z4S2PNzlEw1MNd8zXA/8rBIrRLgzEoWS+jr20OUa1bYO3Yz/ICJhxY3YtJQVr54mvWWocM0rA7OQVJ65w0QgteZ6VSFIJndAwNH+L7UYVrEjdgOqC2IY+WuJaB60fqcPXqSrJVPU5ix4/xSErTJR3i6MEiTSEDGbN776Rfo8sU7FYqODXFvXw6LKfJgXa0EorYMilJIqJaMA5d7JJSMFXHkeUROuQL/omLNo1LVkA==
The following passwords are hashed and not encrypted - hashed passwords will not work in ceptor-configuration.xml but will work in ceptor-security.xml
BCRYPT hashed password: {bc}$2a$10$Hv8JBPMI1IokORd7pqr4kOLnPESkPyoaQ8TmD7QRf7Iyh0cbfZZt2
PBKDF2 hashed password: {pbkdf2}1000:3400e4b8d201e25b6acd61801a489adc4023df28763123eb1b044a8fdede:cee69f33d864b98962c65dda60ced4b2eca16be15fc11c30ff8878bf26bb
SHA-1 hashed password: {sha1}W6ph5Mm5Pz8GgiULbPgzG37mj9g= |
Subsequent runs will produce output similar to this:
Code Block |
---|
Ceptor Password obfuscation and encryption Obfuscated password: {encoded}BC817B5B1F2BC934 3DES encrypted password: {3DES} |
...
EXohj8jIBmU79IQB2biNVA== |
...
AES encrypted password: {AES} |
...
Ld6S9xK7u53UrDbubaUCIw== |
...
RSA encrypted password: {RSA} |
...
OYPU45Br6Qg0n3Mz8YGSvwTWo20R++y4bd7GpXuBm0YEtV3pmv9b6eqZF2HPk/Itmg/FKYDU0pNXAiGOeXq7vq86zlGqKVdFkKJBva/gzwoO1nr4vCkT9Gms2m/FyCJehsGlPJj0UXNIWAAARS3ZqehmV1xN05IyMYvkmJN/VUK17n/AZO1M6oKvdEB+b70uy+CCoJ4zjvFYbvzEd6ZA47r+2r8SVsmu9c7tJa/ch7dVGqMSNGmzA+OMOn9Ly87o4fXWQOKB0rykz3QGMPnF3pMuGkhMBzQZYcw1QhCt3LRhWuro7KFO+ZQNgQeGE+xp8Se3tRpeAssoJKYi0ujcFw==
The following passwords are hashed and not encrypted - hashed passwords will not work in ceptor-configuration.xml but will work in ceptor-security.xml
BCRYPT hashed password: {bc}$2a$10$8i0spYfh7.R7j78jyhUj4OTmlPuOiQvs2baXfjH13xz.yEbIUw1wW
PBKDF2 hashed password: {pbkdf2}1000:8d0b454f9524fcdc5fd0a57adf67c32deb8057105d146985573278f019b9:f8dcd9f3c9408b772231b3c54c2f6dcf261dfb777495af54ca715b6baf93
SHA-1 hashed password: {sha1}W6ph5Mm5Pz8GgiULbPgzG37mj9g= |
You can then cut’n paste the corresponding encrypted key to your configuration.
Note |
---|
You cannot in general use hashed passwords within Ceptor's XML configuration - Ceptor needs to be able to decrypt a password to used it against another party - that is not possible with hashed passwords. Hashed passwords however can be used to verify a real password against - so they are great for using in |
Important Points to Remember
...