Database Components for encrypted-hashed passwords

Karim Heraud

Sep 20, 2016, 11:24:46 AM
to CAS Community
Hello,

I am trying to set up a CAS server authenticating users based on a database with a very specific structure/content.

User passwords are stored in a very specific way. Two columns: user (username), pwd (encrypted-hashed password).

Encrypted-hashed password means:

Plain pwd -> BCrypt-hashed with a randomly generated salt and 12 iterations -> AES-encrypted with a static known key
In a nutshell: Crypto.encryptAES(BCrypt.hash(pwd, BCrypt.gensalt(12)), myStaticKey)

I test user authentication with BCrypt.checkpw(passwordToCheck, Crypto.decryptAES(retrievedStoredPwd, myStaticKey)) === true

Where should I start to have it working with CAS Server / Spring?

Thanks for your hints !!

PS: The "why store passwords this way" is a good question. All this comes from this article: https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence

Karim
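
The decrypt-then-checkpw flow described in the post above, written as a Spring Security PasswordEncoder. This is an added example, not code from the original post, from CAS or from the Paragon Initiative article: the class name EncryptedBcryptPasswordEncoder, the AES-GCM mode, the stored layout (Base64 of 12-byte IV followed by ciphertext and tag) and the sample password are all assumptions made here. The post's existing rows were produced by Crypto.encryptAES, so to verify those a real deployment would have to decrypt in whatever layout and mode that library used; this example only round-trips values it produced itself. The "12 iterations" in the post is the bcrypt cost factor (2^12 rounds), which is what BCrypt.gensalt(12) sets. The BCrypt class is the one shipped with Spring Security (org.springframework.security.crypto.bcrypt.BCrypt, a repackaged jBCrypt); everything else is standard JDK.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.springframework.security.crypto.bcrypt.BCrypt;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Added example (not from the original post, CAS, or Spring Security):
 * stores bcrypt(password) encrypted under a static "pepper" key held outside
 * the database, and verifies by decrypting first and then calling
 * BCrypt.checkpw, exactly the order the post describes.
 */
public final class EncryptedBcryptPasswordEncoder implements PasswordEncoder {

    private static final int GCM_IV_BYTES = 12;   // 96-bit nonce, the recommended GCM size
    private static final int GCM_TAG_BITS = 128;  // full-length authentication tag
    private static final int BCRYPT_COST = 12;    // the post's "12 iterations" = bcrypt cost 12

    private final SecretKey pepperKey;            // "myStaticKey" in the post; assumed 16/24/32 raw bytes
    private final SecureRandom random = new SecureRandom();

    public EncryptedBcryptPasswordEncoder(byte[] keyBytes) {
        if (keyBytes.length != 16 && keyBytes.length != 24 && keyBytes.length != 32) {
            throw new IllegalArgumentException("AES key must be 16, 24 or 32 bytes");
        }
        this.pepperKey = new SecretKeySpec(keyBytes, "AES");
    }

    /** bcrypt with a fresh random salt, then AES-GCM with a fresh random IV. */
    @Override
    public String encode(CharSequence rawPassword) {
        String bcryptHash = BCrypt.hashpw(rawPassword.toString(), BCrypt.gensalt(BCRYPT_COST));
        // bcrypt's modular-crypt output is plain ASCII ("$2a$12$...")
        return encryptAes(bcryptHash.getBytes(StandardCharsets.US_ASCII));
    }

    /** Decrypt the stored column first; only then compare with bcrypt. */
    @Override
    public boolean matches(CharSequence rawPassword, String storedValue) {
        if (rawPassword == null || storedValue == null) {
            return false;
        }
        final String bcryptHash;
        try {
            bcryptHash = new String(decryptAes(storedValue), StandardCharsets.US_ASCII);
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            // wrong pepper key, tampered or truncated row, or a value not in this layout:
            // GCM tag verification fails, so we never hand garbage to checkpw
            return false;
        }
        return BCrypt.checkpw(rawPassword.toString(), bcryptHash);
    }

    // Assumed storage layout: Base64( iv[12] || ciphertext || tag[16] )
    private String encryptAes(byte[] plaintext) {
        try {
            byte[] iv = new byte[GCM_IV_BYTES];
            random.nextBytes(iv);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.ENCRYPT_MODE, pepperKey, new GCMParameterSpec(GCM_TAG_BITS, iv));
            byte[] ciphertextAndTag = cipher.doFinal(plaintext);
            byte[] out = new byte[iv.length + ciphertextAndTag.length];
            System.arraycopy(iv, 0, out, 0, iv.length);
            System.arraycopy(ciphertextAndTag, 0, out, iv.length, ciphertextAndTag.length);
            return Base64.getEncoder().encodeToString(out);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("AES-GCM unavailable or key rejected", e);
        }
    }

    private byte[] decryptAes(String storedValue) throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(storedValue);
        if (in.length <= GCM_IV_BYTES) {
            throw new IllegalArgumentException("stored value too short to contain IV and tag");
        }
        GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_BITS, in, 0, GCM_IV_BYTES);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, pepperKey, spec);
        return cipher.doFinal(in, GCM_IV_BYTES, in.length - GCM_IV_BYTES);
    }

    /** Stand-alone demo with a throwaway key; a real key comes from outside the database. */
    public static void main(String[] args) {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);
        PasswordEncoder encoder = new EncryptedBcryptPasswordEncoder(key);

        String stored = encoder.encode("correct horse battery staple");  // constructed sample password
        System.out.println("stored column value: " + stored);
        System.out.println("right password matches: " + encoder.matches("correct horse battery staple", stored));
        System.out.println("wrong password matches: " + encoder.matches("wrong password", stored));
    }
}
```

Two points worth keeping in mind when wiring this in. Because the IV (and the bcrypt salt) is random, the same password yields a different stored value every time, so verification has to go through matches(), never through a SQL equality on the pwd column. And the authenticated mode does the work the plain "decrypt then check" description leaves implicit: if the key is wrong or a row has been altered, decryption fails closed instead of feeding a mangled hash string to BCrypt.checkpw. How a given CAS release takes a custom PasswordEncoder for its JDBC authentication handler is version-specific and not shown here.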