Admin password encryption


Karl-Heinz Stöckler

Apr 17, 2015, 2:54:30 AM
to camunda-...@googlegroups.com
Hello all,

I am wondering how the password encryption in camunda admin works.

I want to reproduce the created encrypted password which is stored in the database.

For example, the password for the user demo in plaintext is demo. In the database the value is
{SHA}ieSV55Qc+eQOaYDRSha/AjzNTJE=

I found this online converter tool: http://hash.online-convert.com/sha1-generator
There I entered the plaintext demo and got the following output:
hex: 89e495e7941cf9e40e6980d14a16bf023ccd4c91
base64: ieSV55Qc+eQOaYDRSha/AjzNTJE=

The base64 value of this converter would be the right one; it matches the value in the database.

What I tried is the following Java code:

    import org.apache.commons.codec.binary.Base64;
    import org.apache.commons.codec.digest.DigestUtils;

    public class EncryptionTest {

        public static void main(String[] args) {
            String encrptedPW = "";
            String pw = "demo";

            encrptedPW = DigestUtils.sha1Hex(pw);
            System.out.println("DigestUtils: " + encrptedPW);

            byte[] encodedBytes = Base64.encodeBase64(encrptedPW.getBytes());
            System.out.println("encodedBytes Base64: " + new String(encodedBytes));
        }
    }

Which gives me the following output:
DigestUtils: 89e495e7941cf9e40e6980d14a16bf023ccd4c91
encodedBytes Base64: ODllNDk1ZTc5NDFjZjllNDBlNjk4MGQxNGExNmJmMDIzY2NkNGM5MQ==

The first value matches the value generated by the converter, but the base64 one does not.

Can somebody tell me how I can reproduce this encrypted value which is stored in the database?

Thank you!
Karl

thorben....@camunda.com

Apr 17, 2015, 4:53:35 AM
to camunda-...@googlegroups.com
Hi Karl,

String#getBytes returns the String encoded in the platform's default encoding. The engine encodes the password String in UTF-8, so that might be one point where your code differs from the engine's code. By the way, you can find the source code for encrypting the password under [1].

Cheers,
Thorben

[1] https://github.com/camunda/camunda-bpm-platform/blob/master/engine/src/main/java/org/camunda/bpm/engine/impl/digest/Base64EncodedHashDigest.java
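
Added example, not part of the thread and not Camunda's own code: the stored value quoted in the question is Base64 over the raw 20-byte SHA-1 digest of the UTF-8 password, whereas the question's code Base64-encodes the 40-character hex text of that digest. The class and method names below are hypothetical, and only JDK 8+ classes are used.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class ShaPasswordDigest {

    // "{SHA}" + Base64 of the raw SHA-1 digest bytes of the UTF-8 encoded password.
    static String digest(String password) throws NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        byte[] raw = sha1.digest(password.getBytes(StandardCharsets.UTF_8));
        return "{SHA}" + Base64.getEncoder().encodeToString(raw);
    }

    // What the code in the question computes: Base64 of the hex *text* of the digest.
    static String base64OfHex(String password) throws NoSuchAlgorithmException {
        byte[] raw = MessageDigest.getInstance("SHA-1")
                .digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : raw) {
            hex.append(String.format("%02x", b));
        }
        byte[] hexText = hex.toString().getBytes(StandardCharsets.US_ASCII);
        return Base64.getEncoder().encodeToString(hexText);
    }

    // Compare a candidate password against a stored value in constant time.
    static boolean matches(String candidate, String stored) throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(
                digest(candidate).getBytes(StandardCharsets.US_ASCII),
                stored.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Stored value as quoted in the question for user "demo".
        String stored = "{SHA}ieSV55Qc+eQOaYDRSha/AjzNTJE=";

        System.out.println("raw digest, Base64 : " + digest("demo"));
        System.out.println("hex text, Base64   : " + base64OfHex("demo"));
        System.out.println("matches stored     : " + matches("demo", stored));
        // No salt is involved, so the same password always yields the same value.
        System.out.println("deterministic      : " + digest("demo").equals(digest("demo")));
    }
}
```

The `{SHA}` value is a one-way digest rather than encryption, and because it is unsalted, any two accounts with the same password carry the same stored string.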

Karl-Heinz Stöckler

Apr 17, 2015, 5:10:06 AM
to camunda-...@googlegroups.com
Hi Thorben,

Thank you so much for your answer!
With your link to the source code I could solve my problem :)

Thanks
Karl