stackoom
  简体   繁体   中英

Decode AES encryption in web application in IBM Liberty server

 原文  2020-11-18 06:43:21       java/ websphere-liberty

Question

Placed the AES encryption password in liberty server jvm.options file as below -DencKey={aes}{aes}ANRib/ITz7RTc2YB+VXWZqINrjZ15vSBeg==........

while retrieving in java application by using System.getProperty("encKey").

getting the exact value not the decrypted one.

Should we do decrypt manually or through configurations we can achieve the decrypted value?

3 answers

solution1
 0  2020-11-18 17:55:16

First, you need to enable the passwordUtilities-1.0 feature :

<featureManager>
    <feature>passwordUtilities-1.0</feature>
</featureManager>

Then, you can use the com.ibm.websphere.crypto.PasswordUtil API to decode the password:

String encodedPassword = System.getProperty("encKey");
String decodedPassword = PasswordUtil.decode(encodedPassword);

solution2
 0  2020-11-19 14:27:43

Your encoded string is malformed

-DencKey={aes}{aes}ANRib/ITz7RTc2YB+VXWZqINrjZ15vSBeg==...

it should only have a single encryption preamble like

-DencKey={aes}ANRib/ITz7RTc2YB+VXWZqINrjZ15vSBeg==...

solution3
 0  2022-09-27 19:05:51

for ppl who find this on their search to decode the PW: here an example to decode with passwordUtilities feature

https://gitlab.com/pppoudel/public_shared/-/tree/master/WLibertyPwdUtil

blog post of it: https://purnapoudel.blogspot.com/2017/10/how-to-use-wlp-passwordutilities.html

important to have the enc key set.

  <variable name="wlp.password.encryption.key" value="myEncKey123">

code example:

<!DOCTYPE HTML>
<%@page language="java"
    contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<html>
<head>
<title>index</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
</head>
<body>
     <%! String password="t3mp_pwD"; %>
     <h2> This page shows how to use com.ibm.websphere.crypto.PasswordUtil to encrypt/decrypt password using xor or aes.</h2>
     <hr/>
     <h3> Provided plain text password is:<%= password %></h3>
     Note: encryption key "replaceM3" is being used for "aes" encryption/decryption. <br/>
     <br/>
     <%! String xorEncodedVal=com.ibm.websphere.crypto.PasswordUtil.passwordEncode(password, "xor");
         String aesEncodedVal=com.ibm.websphere.crypto.PasswordUtil.passwordEncode(password, "aes"); %>
     <h3> xor encoded value is: <%= xorEncodedVal %> </h3>
     <h3> aes encrypted value is: <%= aesEncodedVal %> </h3>
     <h3> xor decoded value is: <% out.println(com.ibm.websphere.crypto.PasswordUtil.passwordDecode(xorEncodedVal)); %> </h3>
     <h3> aes decrypted value is: <% out.println(com.ibm.websphere.crypto.PasswordUtil.passwordDecode(aesEncodedVal)); %> </h3> 
     
</body>
</html>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question how to install a jar library in liberty web sphere IBM in default server Configuring Mysql DataSource with IBM WebSphere Application Server Liberty Profile Determining the JRE of an IBM Liberty server Achieving concurrency in IBM liberty server How to deploy JavaEE 7 / JPA 2.1 Dynamic Web Application to IBM Liberty Profile WITHOUT web.xml WebSphere Liberty Server (IBM Bluemix) - error when run the RESTful web-service on server difference for WebSphere Application Server for Developers VS IBM WebSphere SDK Java 7 for Liberty and Full profile Running IBM WebSphere Liberty Profile as Microsoft Azure Web Site Websphere 8.5 Application to IBM WebSphere Liberty on AWS migration Using Java Code for Android Application (for AES encryption)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM