deegree/deegree3

Replace custom file format of encrypted console password by openssl format

tfr42 opened this issue · 3 comments

tfr42 commented

Currently the file console.pw stores the password set for the deegree administration console in a very specific format hex(salt):hex(enc(password)) like:
0000018C2B4B62FD:9C53FF924D7CE3A9112EC480116ACA4F9941B9321F47BDBA5528C5DED47EA076
It contains the salt value and the encrypted password using the SHA-256 algorithm, delimited by :.

To allow the use of tools such as openssl, or of a common Java API such as Apache Codec, to read and write the password file, the format shall be changed to salt$sha256(password) using $ as the delimiter.
An output generated with openssl or Apache Commons Codec Sha2Crypt.sha256Crypt() will look like:
$5$12345$nxIKX54gpaik7RiymymMEhDou8.9DjFTzFkJxHKQ3D/

Usage scenario:

  • use openssl passwd -salt '01234' -5 mypassword to write the encrypted password into the file console.pw when using deegree in a container and providing an environment variable to pass the password.

tfr42 commented

Using htpasswd would be nice to encrypt the password, see https://httpd.apache.org/docs/trunk/programs/htpasswd.html for the available options (requires Apache httpd 2.5). Should be added to the documentation.
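
A format check for console.pw that accepts both layouts quoted in this issue, as an added example (not deegree code and not written by the issue author). The function and class names are hypothetical; the even-length hex salt, the crypt alphabet for the salt and the rejection of out-of-range rounds are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Legacy layout from the issue: hex(salt):hex(digest).
# A SHA-256 digest is 32 bytes, so 64 hex digits; salt length is not fixed here (assumption).
LEGACY = re.compile(r"([0-9A-Fa-f]{2,}):([0-9A-Fa-f]{64})")
# SHA-256 crypt layout: $5$[rounds=N$]salt$hash, salt of at most 16 characters,
# hash of 43 characters in the crypt base64 alphabet.
CRYPT5 = re.compile(r"\$5\$(?:rounds=(\d+)\$)?([./0-9A-Za-z]{1,16})\$([./0-9A-Za-z]{43})")
DEFAULT_ROUNDS, MIN_ROUNDS, MAX_ROUNDS = 5000, 1000, 999_999_999


@dataclass(frozen=True)
class PasswordRecord:  # hypothetical container, not a deegree type
    scheme: str            # "legacy" or "sha256-crypt"
    salt: str
    digest: str
    rounds: Optional[int]  # None for the legacy layout


def parse_console_pw(line: str) -> PasswordRecord:
    """Classify one console.pw line and split it into its fields."""
    text = line.strip()
    m = LEGACY.fullmatch(text)
    if m:
        if len(m.group(1)) % 2:
            raise ValueError("legacy salt is not a whole number of bytes")
        return PasswordRecord("legacy", m.group(1).upper(), m.group(2).upper(), None)
    m = CRYPT5.fullmatch(text)
    if m:
        rounds = int(m.group(1)) if m.group(1) else DEFAULT_ROUNDS
        # crypt implementations clamp out-of-range values; rejecting them here
        # makes a weakened work factor visible instead of silently accepted.
        if not MIN_ROUNDS <= rounds <= MAX_ROUNDS:
            raise ValueError(f"rounds={rounds} outside {MIN_ROUNDS}..{MAX_ROUNDS}")
        return PasswordRecord("sha256-crypt", m.group(2), m.group(3), rounds)
    raise ValueError("unrecognised console.pw format")


if __name__ == "__main__":
    # The two sample values quoted in the issue text.
    for sample in (
        "0000018C2B4B62FD:9C53FF924D7CE3A9112EC480116ACA4F9941B9321F47BDBA5528C5DED47EA076",
        "$5$12345$nxIKX54gpaik7RiymymMEhDou8.9DjFTzFkJxHKQ3D/",
    ):
        print(parse_console_pw(sample))
```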