eclipse-hawkbit / hawkbit

Eclipse hawkBit™
https://projects.eclipse.org/projects/iot.hawkbit
Eclipse Public License 2.0

Docker: Encrypt Passwords inside SPRING_APPLICATION_JSON #1256

Open adamwendel opened 2 years ago

adamwendel commented 2 years ago

I've been following the tutorials for setting up the docker container and have gotten to the point where I now want to encrypt the passwords instead of using the default `{noop}`. I followed the documentation that led to this blog post (https://spring.io/blog/2017/11/01/spring-security-5-0-0-rc1-released#password-storage-format). It specifies that the encrypted passwords can be set using `{bcrypt}` or `{sha256}` followed by the password.

Example:

```yaml
- 'SPRING_APPLICATION_JSON={
    "hawkbit.server.im.users[0].username": "user",
    "hawkbit.server.im.users[0].password": "{sha256}5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8",
    "hawkbit.server.im.users[0].firstname": "Test",
    "hawkbit.server.im.users[0].lastname": "User",
    "hawkbit.server.im.users[0].permissions": "ALL"
}'
```

The password was hashed on macOS by running `echo -n password | shasum -a 256`.

What am I missing?

sbabic commented 2 years ago

On 08.06.22 23:43, Adam wrote:

> I've been following the tutorials for setting up the docker container and have gotten to the point where I now am wanting to encrypt the passwords instead of using the default `{noop}`. I followed the documentation that led to this blog post https://spring.io/blog/2017/11/01/spring-security-5-0-0-rc1-released#password-storage-format. It specifies that the encrypted passwords can be set using `{bcrypt}` or `{sha256}` followed by the password.
>
> Example:
>
> ```yaml
> - 'SPRING_APPLICATION_JSON={
>     "hawkbit.server.im.users[0].username": "user",
>     "hawkbit.server.im.users[0].password": "{sha256}5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8",
>     "hawkbit.server.im.users[0].firstname": "Test",
>     "hawkbit.server.im.users[0].lastname": "User",
>     "hawkbit.server.im.users[0].permissions": "ALL"
> }'
> ```
>
> The password was hashed on macOS by running `echo -n password | shasum -a 256`.

This is wrong: it is just the hash of the password, not the hash of the encrypted password.

For bcrypt, I use a small Python snippet:

```python
#!/usr/bin/env python3

import sys

import bcrypt


def main() -> None:
    if len(sys.argv) != 2:
        print(f"usage: {sys.argv[0]} password-file", file=sys.stderr)
        sys.exit(1)

    # Read the cleartext from a file rather than argv, so it does not land
    # in the shell history or the process list.
    with open(sys.argv[1], "rb") as f:
        password = f.read().strip()

    # Cost factor 10 with the "$2a$" prefix, which Spring's BCryptPasswordEncoder accepts.
    salt = bcrypt.gensalt(rounds=10, prefix=b"2a")
    hashstr = bcrypt.hashpw(password, salt)

    # Spring's DelegatingPasswordEncoder needs the "{bcrypt}" id in front of the hash.
    print(f"{{bcrypt}}{hashstr.decode()}")


if __name__ == "__main__":
    main()
```

The output goes into application.properties.

> What am I missing?

See above ;-)

Best regards, Stefano Babic

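To make the point of the answer concrete, here is an encoder/verifier for the `{id}encoded` format that hawkBit hands to Spring's DelegatingPasswordEncoder; it is an added example, not hawkBit code or the script above, and it assumes the `bcrypt` package plus the StandardPasswordEncoder layout for `{sha256}` stated in its docstring. Fed the bare `shasum -a 256` digest from the question, `matches()` rejects it because the salt bytes the encoder expects are missing.

```python
"""Encode and verify Spring "{id}encoded" passwords as hawkBit reads them.
Added example, not hawkBit code. Assumption: {sha256} follows Spring's
StandardPasswordEncoder: 8-byte salt, SHA-256 iterated 1024 times over
salt || secret || password (empty secret), stored as hex(salt || digest)."""
import hashlib
import hmac
import os
from typing import Optional

try:
    import bcrypt                    # pip install bcrypt; only needed for {bcrypt}
    HAS_BCRYPT = True
except ImportError:
    HAS_BCRYPT = False

SALT_LEN = 8        # StandardPasswordEncoder salt length (assumption, see above)
ITERATIONS = 1024   # StandardPasswordEncoder digest iterations (assumption)

def encode_sha256(password: str, salt: Optional[bytes] = None) -> str:
    """Return a {sha256} string; a fresh random salt is drawn unless one is given."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = salt + password.encode("utf-8")      # secret is the empty string
    for _ in range(ITERATIONS):
        digest = hashlib.sha256(digest).digest()
    return "{sha256}" + (salt + digest).hex()

def encode_bcrypt(password: str, rounds: int = 10) -> str:
    """Return a {bcrypt} string of the same shape the script above produces."""
    salt = bcrypt.gensalt(rounds=rounds, prefix=b"2a")
    return "{bcrypt}" + bcrypt.hashpw(password.encode("utf-8"), salt).decode("ascii")

def matches(password: str, stored: str) -> bool:
    """Dispatch on the {id} prefix as DelegatingPasswordEncoder does."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("stored value has no {id} prefix")
    enc_id, encoded = stored[1:].split("}", 1)
    if enc_id == "noop":
        return hmac.compare_digest(password.encode("utf-8"), encoded.encode("utf-8"))
    if enc_id == "bcrypt":
        return bcrypt.checkpw(password.encode("utf-8"), encoded.encode("ascii"))
    if enc_id == "sha256":
        raw = bytes.fromhex(encoded)
        if len(raw) != SALT_LEN + 32:   # bare `shasum -a 256` output is 32 bytes: no salt, never matches
            return False
        expected = encode_sha256(password, raw[:SALT_LEN])
        return hmac.compare_digest(expected.encode("ascii"), stored.encode("ascii"))
    raise ValueError(f"unsupported encoder id {enc_id!r}")
```

Run `matches("password", encode_bcrypt("password"))` before pasting a value into SPRING_APPLICATION_JSON to confirm the string round-trips.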