Re: [jetty-users] Question regd jetty ssl configuration.

The `MD5:` format Credential / Password is what's known as a 1-way hash (this is not encryption).
You can take a password and generate an MD5.
Then later, when a password is provided, you can run the hash again and compare the resulting MD5 to know if the password that was provided is a match.

There's no way for the Keystore to reverse out the password it needs to use from the MD5 hash.
The `MD5:` format in the Credential / Password exists for tooling / specs / libraries that use them.
Such as Digest authentication in the HTTP spec, which takes the user password on the user-agent (browser), tacks other information into it, hashes the resulting string, and only sends the MD5 hash over the network to the server.
Then the server simply performs a hash comparison to know if the password was correct (or not).

Your choices for Keystore passwords are OBF, CRYPT, or plaintext.

Joakim Erdfelt / joakim@xxxxxxxxxxx


On Thu, Jul 15, 2021 at 1:09 AM TSmitha <smitad221@xxxxxxxxx> wrote:
Hi,

I am using Jetty version jetty-9.4.40.v20210413 (13 April 2021) on the Java 1.8 platform.

I am setting up SSL by referring to this documentation regarding putting obfuscated/encrypted passwords in jetty-ssl-context.xml -- https://www.eclipse.org/jetty/documentation/jetty-9/index.html#configuring-security-secure-passwords

If I provide OBF: format passwords (for keystore and truststore), then the Jetty server runs fine, but if I put an MD5: format password in this XML file, the Jetty server fails to run. I have found this log in jetty/logs:

java.security.PrivilegedActionException: java.io.IOException: Keystore was tampered with, or password was incorrect
        at java.security.AccessController.doPrivileged(Native Method)
        at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1857)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.eclipse.jetty.start.Main.invokeMain(Main.java:218)
        at org.eclipse.jetty.start.Main.start(Main.java:491)
        at org.eclipse.jetty.start.Main.main(Main.java:77)
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)

Can you please provide your guidance about the right way to achieve this?


Thanks,

Smita
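
The point made in the reply above can be reproduced with the JDK alone. This is an added example, not code from the thread or from the Jetty project: the class name `Md5KeystoreDemo` and the sample password are constructed, and an empty in-memory JKS keystore stands in for the real one. It shows that an MD5 value is enough to verify a supplied password by comparison, but cannot open a keystore, which fails with the same `IOException` message as in the log.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.MessageDigest;

public class Md5KeystoreDemo {
    // One-way hash: the same input always gives the same digest,
    // but the digest cannot be turned back into the input.
    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
        return String.format("%032x", new BigInteger(1, d));
    }

    // Try to open the keystore bytes with a candidate password.
    static boolean opens(byte[] store, String candidate) throws Exception {
        try {
            KeyStore.getInstance("JKS").load(new ByteArrayInputStream(store), candidate.toCharArray());
            return true;
        } catch (IOException e) {
            System.out.println("    -> " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String real = "example-store-pw"; // constructed sample password
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null); // new, empty keystore
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, real.toCharArray()); // integrity check is keyed with the real password
        byte[] store = out.toByteArray();

        String hash = md5Hex(real);
        String supplied = "example-store-pw"; // what a client would present later
        // Verification use case: hash the supplied password again and compare digests.
        boolean match = MessageDigest.isEqual(
                hash.getBytes(StandardCharsets.UTF_8),
                md5Hex(supplied).getBytes(StandardCharsets.UTF_8));
        System.out.println("hash comparison matches: " + match);
        // Keystore use case: the password itself is required; a hash is just a wrong password.
        System.out.println("real password opens:     " + opens(store, real));
        System.out.println("hex digest opens:        " + opens(store, hash));
        System.out.println("\"MD5:\" + digest opens:   " + opens(store, "MD5:" + hash));
    }
}
```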
