CF API Manager - User Store Password config

New Here, Aug 27, 2021

I am attempting to import users into the ColdFusion API manager through a user store. My issue is that the AES encrypted password that I am pulling from the DB user store is not working when combined with the Password Cipher Algorithm (AES) and Password Cipher Key (AES Key) columns.

The rest of the process is working correctly as users are being imported, but when attempting to log in as said users, the password does not work.

If there is a known issue with this or a proper way to set up the encryption key/hash, any assistance would be greatly appreciated. The Adobe documentation on this feature does not even include these fields.

TOPICS
Database access, Documentation

Community Expert, Aug 29, 2021

I think you should decrypt the encrypted-password, then use the result as the actual password. Use something like

<!---
The values I use in this example are not real.
However, they should give you the look and feel.
--->
<cfset encryptedPassword="XffjMJbGcoA/2HrdpNpQTA==">
<cfset encryptionKey="a6P5flvuvtmRsyLEtFvwhKWmN0O9GEDkhO7viIcF96M=">
<cfset algorithm="AES/CBC/PKCS5Padding">
<cfset encoding="Base64">
<cfset IVSalt=toBinary("P58r0/vwuS2fFUBWQWbCMA==")>

<cfset password=decrypt(encryptedPassword,encryptionKey,algorithm,encoding,IVSalt)>

New Here, Aug 30, 2021

This is what I'm doing to generate the encrypted password. 

<cfscript>
    // Key generated by AES, 128
    key = "JZidBZLaYf27huVuM4MNTA==";
    secret = "TestPassWord";
    encSecret = encrypt(secret,key,"AES","base64");
    decSecret = decrypt(encSecret,key,"AES/ECB/PKCS5Padding","base64");

    writeOutput( "Input: #secret# <br />" );
    writeOutput( "Key: #key# <br />" );
    writeOutput( "Encrypted Input: #encSecret# <br />" );
    writeOutput( "Decrypted Input: #decSecret# <br />" );
    writeOutput( "Values Match: #( compare( secret, decSecret ) eq 0 )#" );
</cfscript>

The result is then being inserted into the DB which is checked against with these parameters. 

Screenshot 2021-08-30 102836.png

I'm not sure I understand decrypting the password in this case since the Password cipher algorithm states it checks against the encrypted password in the DB. 

Community Expert, Aug 30, 2021

I don't understand. In the example you give,

  1. Which values do you insert into the database?
  2. Which values do you retrieve from the database, and from which columns? Sharing the query code will help. 
  3. How do you use the values from the query to decrypt or encrypt?
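
The two code samples in this thread use different cipher settings: the first encrypts with plain "AES", which ColdFusion treats as AES/ECB/PKCS5Padding, while the suggested decrypt call uses AES/CBC/PKCS5Padding with an IV. The following is an added example, not code from either poster or from Adobe, that checks whether a stored value can be read back under a given algorithm string. The key is generated on the spot, the IV is the sample value from the reply above, and which mode the API Manager user store itself expects is not stated in the thread.

```cfml
<cfscript>
    // Constructed sample values, not taken from a real user store.
    key    = generateSecretKey( "AES", 128 );           // Base64-encoded 128-bit key
    secret = "TestPassWord";
    iv     = toBinary( "P58r0/vwuS2fFUBWQWbCMA==" );    // 16-byte sample IV

    // 1. Plain "AES" and the explicit ECB transformation name the same cipher
    //    settings, so the two ciphertexts can be compared directly.
    ecbShort = encrypt( secret, key, "AES", "Base64" );
    ecbFull  = encrypt( secret, key, "AES/ECB/PKCS5Padding", "Base64" );

    // 2. The same password and key under CBC with an IV.
    cbc = encrypt( secret, key, "AES/CBC/PKCS5Padding", "Base64", iv );

    // 3. Read the ECB value back with CBC settings. With mismatched settings
    //    decrypt() either throws (padding check) or returns text that is not
    //    the original password, so both outcomes are handled.
    try {
        wrongMode = decrypt( ecbShort, key, "AES/CBC/PKCS5Padding", "Base64", iv );
        wrongModeOk = ( compare( wrongMode, secret ) eq 0 );
        wrongModeNote = "decrypt returned a value";
    } catch ( any e ) {
        wrongModeOk = false;
        wrongModeNote = "decrypt failed: #e.message#";
    }

    // 4. Control: the CBC value read back with the settings that produced it.
    rightMode = decrypt( cbc, key, "AES/CBC/PKCS5Padding", "Base64", iv );

    writeOutput( "AES equals AES/ECB/PKCS5Padding: #( compare( ecbShort, ecbFull ) eq 0 )# <br />" );
    writeOutput( "ECB ciphertext equals CBC ciphertext: #( compare( ecbShort, cbc ) eq 0 )# <br />" );
    writeOutput( "ECB value readable as CBC: #wrongModeOk# (#wrongModeNote#) <br />" );
    writeOutput( "CBC value readable as CBC: #( compare( rightMode, secret ) eq 0 )# <br />" );
</cfscript>
```

Running the same comparison with the real key and a stored value shows whether the row in the database was produced with the algorithm string configured for the user store.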
