How to generate masked passwords for elytron?
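I want to replace the clear-text passwords I use in wildfly-config.xml with masked passwords, which seems to be supported in WildFly 18.
I tried generating a masked password with elytron-tool: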
./elytron-tool.sh mask --salt 12345678 --iteration 12 --secret password
MASK-2FVkvIpoGRstP19QEZ76qE;12345678;12
Then I converted the hash ("2FVkvIpoGRstP19QEZ76qE") to base64 and added it to wildfly-config.xml
<credentials>
<masked-password iteration-count="12" salt="12345678" masked-password="MkZWa3ZJcG9HUnN0UDE5UUVaNzZxRQ=="/>
</credentials>
<sasl-mechanism-selector selector="DIGEST-MD5"/>
But it fails:
Caused by: java.security.spec.InvalidKeySpecException: javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
at org.wildfly.security.password.impl.MaskedPasswordImpl.unmask(MaskedPasswordImpl.java:182)
at org.wildfly.security.password.impl.MaskedPasswordImpl.<init>(MaskedPasswordImpl.java:76)
at org.wildfly.security.password.impl.MaskedPasswordImpl.<init>(MaskedPasswordImpl.java:96)
at org.wildfly.security.password.impl.PasswordFactorySpiImpl.engineGeneratePassword(PasswordFactorySpiImpl.java:476)
at org.wildfly.security.password.PasswordFactory.generatePassword(PasswordFactory.java:151)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseMaskedPassword(ElytronXmlParser.java:2748)
... 21 more
Caused by: javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:936)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:847)
at com.sun.crypto.provider.PBES1Core.doFinal(PBES1Core.java:416)
at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
at javax.crypto.Cipher.doFinal(Cipher.java:2164)
at org.wildfly.security.password.impl.MaskedPasswordImpl.unmask(MaskedPasswordImpl.java:180)
So it seems my process for generating the masked password is wrong. Can you suggest any tool/shell command to generate a valid masked password?
Many thanks
You can find sample code for generating masked passwords on JBoss' developer blog: https://developer.jboss.org/people/aabdelsa/blog/2019/09/05/support-for-masked-passwords-in-the-client-xml-configuration
Hope it helps
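The following pre-flight check is an added example, not code from the question, the answer or the Elytron project. It decodes each masked-password attribute and tests it against the 8-byte block size of the PBEWithMD5AndDES cipher named in the stack trace; the function name and the embedded sample, copied from the question, are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

DES_BLOCK = 8  # PBEWithMD5AndDES (named in the stack trace) uses 8-byte blocks

# Constructed sample: the <credentials> element quoted in the question.
SAMPLE = '''<credentials>
<masked-password iteration-count="12" salt="12345678" masked-password="MkZWa3ZJcG9HUnN0UDE5UUVaNzZxRQ=="/>
</credentials>'''


def check_masked_passwords(xml_text):
    """Return a list of problems found in masked-password elements."""
    problems = []
    root = ET.fromstring(xml_text)
    for el in root.iter():
        # Match on the local name so namespaced configs also work.
        if el.tag.rsplit('}', 1)[-1] != 'masked-password':
            continue
        value = el.get('masked-password', '')
        try:
            raw = base64.b64decode(value, validate=True)
        except ValueError:
            problems.append('not valid base64: %r' % value)
            continue
        if len(raw) == 0 or len(raw) % DES_BLOCK:
            problems.append('decodes to %d bytes, not a multiple of %d'
                            % (len(raw), DES_BLOCK))
        # Ciphertext is effectively random; all-printable bytes suggest
        # that text (e.g. tool output) was base64-encoded a second time.
        if raw and all(0x20 <= b < 0x7f for b in raw):
            problems.append('decodes to printable text %r' % raw.decode('ascii'))
        count = el.get('iteration-count', '')
        if not count.isdigit() or int(count) < 1:
            problems.append('iteration-count is not a positive integer')
    return problems


if __name__ == '__main__':
    for p in check_masked_passwords(SAMPLE):
        print('PROBLEM:', p)
```

Run against the value from the question, it reports that the attribute decodes to 22 bytes of printable text, which is the condition behind "Input length must be multiple of 8".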