Magnolia password manager


Samuli Saarinen

Nov 29, 2023, 3:21:18 AM
to Magnolia User Mailing List

Hi,

I ran into a weird problem with email sending failing due to incorrect credentials, which led me to investigate the password manager. And now it seems that it is not able to encrypt/decrypt passwords correctly. I tried getting the email password unencrypted from PasswordRegistry, but it did not return the actual password.

Looking at the sources, I think I could verify this with SecurityUtil and the groovy-console using the following snippet:

 info.magnolia.cms.security.SecurityUtil.decrypt(info.magnolia.cms.security.SecurityUtil.encrypt("testing"))
====> J{ ��z����D� j�...

I think (and it works on my localhost setup) this snippet should return the original password string and not some "garbage".

Any ideas what might be going on here? FWIW, publishing works fine, so I think the activation keys should be set up correctly.

BR, Samuli

samuli....@gmail.com

Nov 29, 2023, 5:12:24 AM
to user...@magnolia-cms.com

Hi again,

I think I got it figured out. We needed to rotate our activation keys a while back, and because we are running Magnolia in containers it was not possible to just generate the author keystore, as they are mounted to the env from secrets etc. So I created new keys manually and updated the keystore to author and public keys to public instances, but what I did not do was update the server/activation@publicKey on the author instance to reflect the new key. I did not notice it because publishing works, as author uses only the private key, which was/is read from the keystore. Also, Magnolia password management is not used heavily, as secrets are stored elsewhere.

Hope this helps if someone else stumbles into this. Also, there could be a mention in the Activation Keys [1] documentation about the need to manually refresh the author public key if new keys are generated “manually” and not by using the “generate keys” functionality.

[1] https://docs.magnolia-cms.com/product-docs/6.2/Administration/Security/Activation-security/Activation-keys.html

BR, Samuli
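
The mismatch described in this thread (a rotated private key in the keystore, a stale public key left in configuration) can be caught right after a manual rotation by checking that the two halves still form a pair. The following is an added example, not code from the post or from Magnolia; it assumes RSA keys available as PKCS#8 (private) and X.509 (public) encoded bytes, and the class name `KeyPairCheck` and method `matches` are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

public class KeyPairCheck {

    /** Hypothetical helper: true when the public key belongs to the private key. */
    static boolean matches(byte[] pkcs8Private, byte[] x509Public) throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PrivateKey priv = kf.generatePrivate(new PKCS8EncodedKeySpec(pkcs8Private));
        PublicKey pub = kf.generatePublic(new X509EncodedKeySpec(x509Public));

        // Structural check: both halves of an RSA pair share one modulus.
        if (!((RSAPrivateKey) priv).getModulus().equals(((RSAPublicKey) pub).getModulus())) {
            return false;
        }
        // Functional check: a signature made with the private key must verify.
        byte[] probe = "key-pair-probe".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(priv);
        signer.update(probe);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pub);
        verifier.update(probe);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair oldPair = gen.generateKeyPair(); // constructed: key pair before rotation
        KeyPair newPair = gen.generateKeyPair(); // constructed: key pair after rotation

        // The keystore already holds the rotated private key.
        byte[] keystorePrivate = newPair.getPrivate().getEncoded();
        System.out.println("stale public key matches:   "
                + matches(keystorePrivate, oldPair.getPublic().getEncoded()));
        System.out.println("rotated public key matches: "
                + matches(keystorePrivate, newPair.getPublic().getEncoded()));
    }
}
```

Running such a check as a post-rotation step surfaces the stale key immediately, rather than through a failing feature that happens to use the public half.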
