Re: [OpenXPKI-users] Use SHA256 OR SHA512 for RAOP
> Thanks for the support, I have at least switched from SHA1 to ARGON2. > > I am using OpenXPKI Version (core): 3.10.2 but the options of SHA256 and > SHA512 are not available to me. I have double checked it again. Please upgrade to 3.12.0. The feature you require was introduced in version v3.11.2. Regards, Martin ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] Use SHA256 OR SHA512 for RAOP
Thanks for the support, I have at least switched from SHA1 to ARGON2.
I am using OpenXPKI Version (core): 3.10.2 but the options of SHA256 and SHA512
are not available to me. I have double checked it again.
Regards
Scott Thomas
On Friday, 9 July 2021, 12:50:21 am GMT+5, Martin Bartosch
wrote:
> The SSHA of the raop1 is placed in
> /etc/openxpki/config.d/realm.tpl/auth/handler.yaml as
>
> raop1: "{ssha}zsmRmCaV2+Mg2t49v5hk3znKOL1VbnRz"
>
> the openxpkiadm hashpwd of OpenXPKI gives the following output
>
> Your hashed password is:
> $argon2id$v=19$m=32768,t=3,p=1$OTF5RTA5ZEt5cHM5Qmord1hRSktoQT09$fP5TeBuDgqimXDoCXH+q2g
>
> How the argon2 will be used in handler.yaml file for raop argon2 password??
That would be
...
Operator Password:
type: Password
# The passwords can be generated with "openxpkiadm hashpwd"
# or with "openssl passwd -5"
# The password below is "openxpki" for all three users
role: RA Operator
user:
raop:
"$argon2id$v=19$m=32768,t=3,p=1$OTF5RTA5ZEt5cHM5Qmord1hRSktoQT09$fP5TeBuDgqimXDoCXH+q2g"
...
> Furthermore what is the command switch to use SHA512, i am trying the
> following one but it is not working
>
> openxpkiadm hashpwd -s sha512
> Unsupported scheme - supported values: sha|ssha|md5|smd5|crypt|argon2
Works for me:
# openxpkiadm hashpwd
Please type your password, end with return:
Please re-type your password:
Your hashed password is:
{ssha256}Fx1qiNnzVWvgG1dwyk973l03lcHNhP7Ffi5Rgjmz2w8rT0Q2Y2lhUUxsL1hqVEtwSUpqektRPT0=
# openxpkiadm hashpwd -s sha256
Please type your password, end with return:
Please re-type your password:
Your hashed password is:
{sha256}iNQmb9TmM40TuEX88olXnSCciXgjuSF9o+Fhk28DFYk
# openxpkiadm hashpwd -s sha512
Please type your password, end with return:
Please re-type your password:
Your hashed password is:
{sha512}2AIvIGCtbv0perc9zFNVybIUBUsNF3ahNqZp0mp9OxT3OqDQ6/8Z7jMzaPAWS2QZqW2knj5IF1Pn6Wtxa9zLbw
Regards
Martin
___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] Use SHA256 OR SHA512 for RAOP
> The SSHA of the raop1 is placed in
> /etc/openxpki/config.d/realm.tpl/auth/handler.yaml as
>
> raop1: "{ssha}zsmRmCaV2+Mg2t49v5hk3znKOL1VbnRz"
>
> the openxpkiadm hashpwd of OpenXPKI gives the following output
>
> Your hashed password is:
> $argon2id$v=19$m=32768,t=3,p=1$OTF5RTA5ZEt5cHM5Qmord1hRSktoQT09$fP5TeBuDgqimXDoCXH+q2g
>
> How the argon2 will be used in handler.yaml file for raop argon2 password??
That would be
...
Operator Password:
type: Password
# The passwords can be generated with "openxpkiadm hashpwd"
# or with "openssl passwd -5"
# The password below is "openxpki" for all three users
role: RA Operator
user:
raop:
"$argon2id$v=19$m=32768,t=3,p=1$OTF5RTA5ZEt5cHM5Qmord1hRSktoQT09$fP5TeBuDgqimXDoCXH+q2g"
...
> Furthermore what is the command switch to use SHA512, i am trying the
> following one but it is not working
>
> openxpkiadm hashpwd -s sha512
> Unsupported scheme - supported values: sha|ssha|md5|smd5|crypt|argon2
Works for me:
# openxpkiadm hashpwd
Please type your password, end with return:
Please re-type your password:
Your hashed password is:
{ssha256}Fx1qiNnzVWvgG1dwyk973l03lcHNhP7Ffi5Rgjmz2w8rT0Q2Y2lhUUxsL1hqVEtwSUpqektRPT0=
# openxpkiadm hashpwd -s sha256
Please type your password, end with return:
Please re-type your password:
Your hashed password is:
{sha256}iNQmb9TmM40TuEX88olXnSCciXgjuSF9o+Fhk28DFYk
# openxpkiadm hashpwd -s sha512
Please type your password, end with return:
Please re-type your password:
Your hashed password is:
{sha512}2AIvIGCtbv0perc9zFNVybIUBUsNF3ahNqZp0mp9OxT3OqDQ6/8Z7jMzaPAWS2QZqW2knj5IF1Pn6Wtxa9zLbw
Regards
Martin
___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] Use SHA256 OR SHA512 for RAOP
Hi,
The SSHA of the raop1 is placed in
/etc/openxpki/config.d/realm.tpl/auth/handler.yaml as
raop1: "{ssha}zsmRmCaV2+Mg2t49v5hk3znKOL1VbnRz"
the openxpkiadm hashpwd of OpenXPKI gives the following output
Your hashed password
is:$argon2id$v=19$m=32768,t=3,p=1$OTF5RTA5ZEt5cHM5Qmord1hRSktoQT09$fP5TeBuDgqimXDoCXH+q2g
How the argon2 will be used in handler.yaml file for raop argon2 password??
Furthermore what is the command switch to use SHA512, i am trying the following
one but it is not working
openxpkiadm hashpwd -s sha512Unsupported scheme - supported values:
sha|ssha|md5|smd5|crypt|argon2
RegardsScott Thomas
On Thursday, 8 July 2021, 02:18:17 am GMT+5, Martin Bartosch via
OpenXPKI-users wrote:
> OpenXPKI uses SSHA salted Sha 1 for raop password authentication via
> openxpkiadm hashpwd. How can we configure to use a higher version of SHA
> such as SHA256 OR SHA512?
The OpenXPKI password authentication handler supports salted md5, sha1, sha224,
sha256, sha384 and sha512, crypt and argon2.
A hashed argon2 password can be generated e. g. via openxpkiadm hashpwd -s
argon2
Most installations I know of delegate user authentication and authorization to
a suitable authentication backend, e. g. an LDAP directory.
Cheers
Martin
___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] Use SHA256 OR SHA512 for RAOP
> OpenXPKI uses SSHA salted Sha 1 for raop password authentication via > openxpkiadm hashpwd. How can we configure to use a higher version of SHA such > as SHA256 OR SHA512? The OpenXPKI password authentication handler supports salted md5, sha1, sha224, sha256, sha384 and sha512, crypt and argon2. A hashed argon2 password can be generated e. g. via openxpkiadm hashpwd -s argon2 Most installations I know of delegate user authentication and authorization to a suitable authentication backend, e. g. an LDAP directory. Cheers Martin ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
[OpenXPKI-users] Use SHA256 OR SHA512 for RAOP
Hi. OpenXPKI uses SSHA salted Sha 1 for raop password authentication via openxpkiadm hashpwd. How can we configure to use a higher version of SHA such as SHA256 OR SHA512? RegardsScott Thomas Sent from Yahoo Mail on Android___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
