How can I decrypt a password that is in the JBoss login-config.xml?

dursun · Nov 16, 2011 · Viewed 9k times

Is there an API provided by JBoss that I can use to access login-config.xml and decrypt the encrypted passwords?

Answer

Mark Lybarger · May 20, 2015

"jaas is the way" is the default key, at least for older JBoss versions (4.x). You can try something like this to decode the encoded bytes.

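    import java.math.BigInteger;
    import java.util.Arrays;
    import javax.crypto.Cipher;
    import javax.crypto.spec.SecretKeySpec;

    public class JBossPasswordDecoder {

        // Decodes a hex-encoded password from login-config.xml using the default key.
        public static String decode( String secret ) {
            String retString = "";
            try {
                byte[] kbytes = "jaas is the way".getBytes();
                SecretKeySpec key = new SecretKeySpec( kbytes, "Blowfish" );

                // toByteArray() returns the minimal two's-complement form, so leading
                // 0x00/0xFF bytes of the ciphertext may be missing. Sign-extend back
                // to a multiple of the 8-byte Blowfish block size before decrypting.
                BigInteger n = new BigInteger( secret, 16 );
                byte[] raw = n.toByteArray();
                byte[] encoding = new byte[ ( ( raw.length + 7 ) / 8 ) * 8 ];
                Arrays.fill( encoding, (byte) ( n.signum() < 0 ? 0xFF : 0x00 ) );
                System.arraycopy( raw, 0, encoding, encoding.length - raw.length, raw.length );

                Cipher cipher = Cipher.getInstance( "Blowfish" );
                cipher.init( Cipher.DECRYPT_MODE, key );
                byte[] decode = cipher.doFinal( encoding );
                retString = new String( decode );
            } catch (Exception e) {
                // Report the failure and fall through to return an empty string.
                e.printStackTrace();
            }

            return retString;
        }
    }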

Some additional info

https://docs.jboss.org/jbossas/javadoc/4.0.2/org/jboss/resource/security/SecureIdentityLoginModule.java.html

http://www.docjar.com/html/api/org/jboss/resource/security/SecureIdentityLoginModule.java.html