Class CryptoUtil
- java.lang.Object
-
- org.apache.wiki.util.CryptoUtil
-
public final class CryptoUtil extends java.lang.Object
Hashes and verifies salted SHA-1 passwords, which are compliant with RFC 2307.
-
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static java.lang.String
getSaltedPassword(byte[] password, java.lang.String algorithm)
Creates an RFC 2307-compliant salted, hashed password with the SHA1 or SHA-256 MessageDigest algorithm.static void
main(java.lang.String[] args)
Convenience method for hashing and verifying salted SHA-1 or SHA-256 passwords from the command line.static boolean
verifySaltedPassword(byte[] password, java.lang.String entry)
Compares a password to a given entry and returns true, if it matches.
-
-
-
Method Detail
-
main
public static void main(java.lang.String[] args) throws java.lang.Exception
Convenience method for hashing and verifying salted SHA-1 or SHA-256 passwords from the command line. This method requires
commons-codec-1.3.jar
(or a newer version) to be on the classpath. Command line arguments are as follows:--hash password SSHA
- hashes password and prints a password digest that looks like this:{SSHA}yfT8SRT/WoOuNuA6KbJeF10OznZmb28=
--verify password digest
- verifies password by extracting the salt from digest (which is identical to what is printed by--hash
) and re-computing the digest again using the password and salt. If the password supplied is the same as the one used to create the original digest,true
will be printed; otherwisefalse
For example, one way to use this utility is to change to JSPWiki's
build
directory and type the following command:java -cp JSPWiki.jar:../lib/commons-codec-1.3.jar org.apache.wiki.util.CryptoUtil --hash mynewpassword
- Parameters:
args
- arguments for this method as described above- Throws:
java.lang.Exception
- Catches nothing; throws everything up.
-
getSaltedPassword
public static java.lang.String getSaltedPassword(byte[] password, java.lang.String algorithm) throws java.security.NoSuchAlgorithmException
Creates an RFC 2307-compliant salted, hashed password with the SHA1 or SHA-256 MessageDigest algorithm. After the password is digested, the first 20 or 32 bytes of the digest will be the actual password hash; the remaining bytes will be a randomly generated salt of length
DEFAULT_SALT_SIZE
, for example:{SSHA}3cGWem65NCEkF5Ew5AEk45ak8LHUWAwPVXAyyw==
In layman's terms, the formula is
digest( secret + salt ) + salt
. The resulting digest is Base64-encoded.Note that successive invocations of this method with the same password will result in different hashes! (This, of course, is exactly the point.)
- Parameters:
password
- the password to be digested- Returns:
- the Base64-encoded password hash, prepended by
{SSHA}
or{SHA256}
. - Throws:
java.security.NoSuchAlgorithmException
- If your JVM does not supply the necessary algorithm. Should not happen.
-
verifySaltedPassword
public static boolean verifySaltedPassword(byte[] password, java.lang.String entry) throws java.security.NoSuchAlgorithmException
Compares a password to a given entry and returns true, if it matches.- Parameters:
password
- The password in bytes.entry
- The password entry, typically starting with {SSHA}.- Returns:
- True, if the password matches.
- Throws:
java.security.NoSuchAlgorithmException
- If there is no SHA available.
-
-