Hello List,
even though I am not a GeoServer core developer myself, I think that my questions can best be answered by people who are involved in the geoserver development.
I try to reverse the encryption mechanism of the passwords for the DB connections that are returned via the REST API. I know the master password and therefore expected to be able to decrypt these strings, for example with the tool here: https://8gwifi.org/pbe.jsp
The strings are:
“crypt2:rvaPmI1USC4jaiPVJlFSWZ8mFHPh9jyMAU9jGfB1ABI=” (Strong PBE)
“crypt1:E1kAaW4HURBcJLDIRahhi3DBBov7r+DG” (Weak PBE)
As far as I understood for weak PBE the algorithm is “PBEWITHMD5ANDDES” and for strong PBR its “PBEWITHSHA256AND128BITAES-CBC-BC”.
But no matter what I try, I seem to miss one step because the services and my programming attempts always give me errors. What are the involves steps in order to retrieve the plain text password from the string above? The string itself obviously can’t serve as an input directly and I only have a rough understanding of encryption in general. As far as I understood, I only need the master password or did I miss an important part about the salt?
Is there any example code available to decrypt the password? I looked into the source code of the GeoServer and came up with this:
byte encPasswordBytes = " ".getBytes();
Charset charset = Charset.forName(“UTF-8”);
String encPasswordString = new String(encPasswordBytes, charset);
char encPasswordChararray = encPasswordString.toCharArray();
StandardPBEStringEncryptor stringEncrypter = new StandardPBEStringEncryptor();
stringEncrypter.setPasswordCharArray(encPasswordChararray);
stringEncrypter.setAlgorithm(“PBEWITHMD5ANDDES”);
StandardPBEByteEncryptor byteEncrypter = new StandardPBEByteEncryptor();
byteEncrypter.setPasswordCharArray(encPasswordChararray);
byteEncrypter.setAlgorithm(“PBEWITHMD5ANDDES”);
byte encPasswordOrig = “E1kAaW4HURBcJLDIRahhi3DBBov7r+DG”.getBytes(charset);
//byte decodedPasswordBytes = Base64.decode(encPasswordOrig);
byte decryptedPasswordBytes = byteEncrypter.decrypt(encPasswordOrig);
CharBuffer buff = charset.decode(ByteBuffer.wrap(decryptedPasswordBytes));
char tmp = new char[buff.limit()];
buff.get(tmp);
System.out.println(“decrypt:” + new String(tmp));
I tried to stick to the example from SecurityUtils.java and GeoServerPBEPasswordEncoder.java but I always get a response that complains about the last block incomplete in decryption or an incorrect padding.
Can anybody help?
Thank you very much,
Michael