Hello,
Problem solved.
With the help of the source code from
http://tools.lsc-project.org/projects/lsc/repository/entry/lsc/trunk/bin/passwordhk.pl,
I confirm that the length of the key used by the
"SecurityUtils.encrypt" and "SecurityUtils.decrypt" functions is 16 bytes
(the first 16 bytes from the "lsc.key" file).
But... during my first tries, "passwordhk.pl" did not give the same
encryption, until I realized that only the first 15 bytes of the
"lsc.key" file were used by this script.
After a little modification (see diff below), the results of the
encryption are the same from LSC and passwordhk.pl (encryption
"Crypt::Rijndael" with a 128-bit key).
diff passwordhk.pl passwordhk-key_16_bytes.pl
108c108
< $key = substr( $key, 0, 15 );
---
> $key = substr( $key, 0, 16 );
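Review bot: on line 108, `substr( $key, 0, 16 )` still returns a shorter string without any error when the key read from "lsc.key" holds fewer than 16 bytes, so a wrong-length key would go unnoticed in the same way the 15-byte one did. Suggest a check right after it, for example `die "lsc.key must provide 16 bytes" unless length($key) == 16;`, and a comment or named constant stating that 16 is the AES-128 key size in bytes.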
Many thanks for the help.
Eric
Le 29/10/2014 16:57, David Coutadeur a écrit :
Hi,
Le 29/10/2014 16:55, Clément OUDOT a écrit :
2014-10-29 16:31 GMT+01:00 Eric Cassette <[email protected]>:
Clement,
Thanks for the answer.
But the key file that is randomly generated by the java method
"org.lsc.utils.security.SymmetricEncryption" has a size of 24 bytes. Is
this size mandatory? Does it mean that I must choose a passphrase with a
length of 24 characters? Or does it mean that, in the "lsc.key", only the
first 16 bytes are useful and that the 8 other bytes are padding?
Yes indeed, it only takes the first bytes, and makes a padding for the
last bytes.
Well, I don't know the answer, maybe another LSC dev can give you the
information.
I ask this, because I thought that the length of the passphrase for an AES
128-bit symmetrical encryption was 16 bytes, and because I tried your
suggestion before asking to the mail-list (with a 16 bytes lsc.key file),
and that the result of the encryption by the LSC task has not been the same
as the result obtained by the OpenLDAP people with a Perl script and some
CPAN Crypt add-ons.
To resume, let's say that before saying to the OpenLDAP people that they
probably have made a mistake, I must be certain that the mistake does not
come from me ;-)))
You can find here a Perl script that can be used with LSC encrypted values:
http://tools.lsc-project.org/projects/lsc/repository/entry/lsc/trunk/bin/passwordhk.pl
Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users