Participant
August 27, 2021
Question

CF API Manager - User Store Password config

I am attempting to import users into the ColdFusion API manager through a user store. My issue is that the AES encrypted password that I am pulling from the DB user store is not working when combined with the Password Cipher Algorithm (AES) and Password Cipher Key (AES Key) columns.

The rest of the process is working correctly as users are being imported, but when attempting to log in as said users, the password does not work.

If there is a known issue with this or a proper way to set up the encryption key/hash, any assistance would be greatly appreciated. The Adobe documentation on this feature does not even include these fields.

BKBK
Community Expert
August 29, 2021

I think you should decrypt the encrypted-password, then use the result as the actual password. Use something like

<!---
 The values I use in this example are not real.
 However, they should give you the look and feel.
--->
<cfset encryptedPassword="XffjMJbGcoA/2HrdpNpQTA==">
<cfset encryptionKey="a6P5flvuvtmRsyLEtFvwhKWmN0O9GEDkhO7viIcF96M=">
<cfset algorithm="AES/CBC/PKCS5Padding">
<cfset encoding="Base64">
<cfset IVSalt=toBinary("P58r0/vwuS2fFUBWQWbCMA==")>

<cfset password=decrypt(encryptedPassword,encryptionKey,algorithm,encoding,IVSalt)>
Participant
August 30, 2021

This is what I'm doing to generate the encrypted password. 

<cfscript>
    // Key generated by AES, 128
    key = "JZidBZLaYf27huVuM4MNTA==";
    secret = "TestPassWord";
    encSecret = encrypt(secret,key,"AES","base64");
    decSecret = decrypt(encSecret,key,"AES/ECB/PKCS5Padding","base64");

    writeOutput( "Input: #secret# <br />" );
    writeOutput( "Key: #key# <br />" );
    writeOutput( "Encrypted Input: #encSecret# <br />" );
    writeOutput( "Decrypted Input: #decSecret# <br />" );
    writeOutput( "Values Match: #( compare( secret, decSecret ) eq 0 )#" );
</cfscript>

The result is then being inserted into the DB which is checked against with these parameters. 

I'm not sure I understand decrypting the password in this case since the Password cipher algorithm states it checks against the encrypted password in the DB. 
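
One way to check which algorithm string a stored value was actually produced with, so that it can be compared against what the user store is configured to use (an added example, not code from either poster or from Adobe). The helper `matchingAlgorithms` and the candidate list are hypothetical, and the key and password are constructed.

```cfml
<cfscript>
    // Added example. All values are constructed; none come from a real user store.
    key    = generateSecretKey("AES", 128);   // Base64-encoded 128-bit key
    secret = "TestPassWord";

    // Hypothetical helper: returns the candidate algorithm strings under which
    // `stored` decrypts back to `expected` with the given key and encoding.
    function matchingAlgorithms(required string stored, required string expected,
                                required string key, required array candidates,
                                string encoding = "Base64") {
        var hits = [];
        for (var alg in candidates) {
            try {
                if (compare(decrypt(stored, key, alg, encoding), expected) eq 0) {
                    arrayAppend(hits, alg);
                }
            } catch (any e) {
                // Wrong mode, padding or key usually makes decrypt() throw: no match.
            }
        }
        return hits;
    }

    candidates = ["AES", "AES/ECB/PKCS5Padding", "AES/CBC/PKCS5Padding"];

    // Produced the way the post above does it: bare "AES", Base64 output.
    // ColdFusion treats bare "AES" as ECB mode with PKCS5Padding.
    storedEcb = encrypt(secret, key, "AES", "Base64");
    // Produced with CBC and no explicit IV: ColdFusion generates a random IV
    // and prepends it to the ciphertext.
    storedCbc = encrypt(secret, key, "AES/CBC/PKCS5Padding", "Base64");

    ecbHits = arrayToList(matchingAlgorithms(storedEcb, secret, key, candidates));
    cbcHits = arrayToList(matchingAlgorithms(storedCbc, secret, key, candidates));

    // ECB is deterministic: the same password and key always give the same
    // stored value. CBC with a fresh IV gives a different value on every call.
    ecbRepeatable = compare(storedEcb, encrypt(secret, key, "AES", "Base64")) eq 0;
    cbcRepeatable = compare(storedCbc, encrypt(secret, key, "AES/CBC/PKCS5Padding", "Base64")) eq 0;

    writeOutput("ECB value decrypts under: #ecbHits# <br />");
    writeOutput("CBC value decrypts under: #cbcHits# <br />");
    writeOutput("ECB repeatable: #ecbRepeatable# <br />");
    writeOutput("CBC repeatable: #cbcRepeatable#");
</cfscript>
```

A stored value that is not repeatable cannot be verified by re-encrypting the submitted password and comparing the two strings; it has to be decrypted with the same algorithm string, key and encoding that produced it.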

BKBK
Community Expert
August 30, 2021

I don't understand. In the example you give,

  1. Which values do you insert into the database?
  2. Which values do you retrieve from the database, and from which columns? Sharing the query code will help. 
  3. How do you use the values from the query to decrypt or encrypt?