Merge pull request #7681 from OpenLiberty/7651-AES
update AES encoding type
ramkumar-k-9286 authored Nov 8, 2024
2 parents 5934e4e + 4747c52 commit 10636fe
Showing 2 changed files with 7 additions and 5 deletions.
6 changes: 4 additions & 2 deletions modules/ROOT/pages/password-encryption.adoc
Expand Up @@ -15,8 +15,10 @@

= Password encryption limitations

Open Liberty supports the Advanced Encryption Standard (AES) encryption for passwords that are stored in the `server.xml` file.
When you use this option for protecting passwords in the Open Liberty configuration, understand the limitations to the protection that AES encryption provides. Currently, Open Liberty supports AES-128 encryption.
Open Liberty supports Advanced Encryption Standard (AES) encryption for passwords that are stored in the `server.xml` file.
When you use this option for protecting passwords in the Open Liberty configuration, understand the limitations to the protection that AES encryption provides.

The Open Liberty `securityUtility encode` command uses AES-256 encryption when the `--encoding` option is set to `aes`. The default value for this option is `xor`. For AES decryption, Open Liberty supports both AES-128 and AES-256.

Encrypting a password in the Open Liberty configuration does not guarantee that the password is secure or protected.
Encrypting a password means that someone who can see the encrypted password cannot easily recover the password unless they know the encryption key.
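
Review bot: The new paragraph says `securityUtility encode` uses AES-256 but names no release from which that holds, even though the sentence it replaces read "Currently, Open Liberty supports AES-128 encryption". A reader on an older release cannot tell which of the two statements applies to their server, or whether a value produced by the current tool can be decrypted there. Suggest stating the version in which the encode behaviour changed, next to the sentence about AES-128 and AES-256 decryption support.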
6 changes: 3 additions & 3 deletions modules/reference/pages/command/securityUtility-encode.adoc
Expand Up @@ -60,11 +60,11 @@ securityUtility encode [options]
|--encoding=_encoding_type_
|Specifies how to encode the password.
Supported encodings types are `xor`, `aes`, and `hash`.
If this option isn't specified, a default encoding type of `xor` is used. Currently, the `aes` type uses AES-128 encryption.
The default value for this option is `xor`.
The `aes` type uses AES-256 encryption.
{empty} +
{empty} +
You can use the `hash` encoding type to encode passwords for a xref:ROOT:user-registries-application-security.adoc[basic user registry].
As of version 19.0.0.2, you can also use the `hash` encoding type to encode passwords for the xref:config/quickStartSecurity.adoc[quickStartSecurity element].
You can use the `hash` encoding type to encode passwords for a xref:ROOT:user-registries-application-security.adoc[basic user registry] or passwords for the xref:config/quickStartSecurity.adoc[quickStartSecurity element].

|--key=_encryption_key_
|Specifies the key to use when you encode with AES encryption.
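
Review bot: The `--encoding` cell now says only "The `aes` type uses AES-256 encryption", while the password-encryption.adoc change in this same commit also states that decryption supports both AES-128 and AES-256; the command reference should carry that sentence too, or an xref to the limitations page, so the two pages do not drift apart. While this cell is being edited, "Supported encodings types" on the context line should read "Supported encoding types", and the merged `hash` sentence can drop the repeated "passwords for" before the quickStartSecurity xref.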