Re: [OpenXPKI-users] Use SHA256 OR SHA512 for RAOP
> Thanks for the support, I have at least switched from SHA1 to ARGON2. > > I am using OpenXPKI Version (core): 3.10.2 but the options of SHA256 and > SHA512 are not available to me. I have double checked it again. Please upgrade to 3.12.0. The feature you require was introduced in version v3.11.2. Regards, Martin ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] Use SHA256 OR SHA512 for RAOP
Thanks for the support, I have at least switched from SHA1 to ARGON2. I am using OpenXPKI Version (core): 3.10.2 but the options of SHA256 and SHA512 are not available to me. I have double checked it again. Regards Scott Thomas On Friday, 9 July 2021, 12:50:21 am GMT+5, Martin Bartosch wrote: > The SSHA of the raop1 is placed in > /etc/openxpki/config.d/realm.tpl/auth/handler.yaml as > > raop1: "{ssha}zsmRmCaV2+Mg2t49v5hk3znKOL1VbnRz" > > the openxpkiadm hashpwd of OpenXPKI gives the following output > > Your hashed password is: > $argon2id$v=19$m=32768,t=3,p=1$OTF5RTA5ZEt5cHM5Qmord1hRSktoQT09$fP5TeBuDgqimXDoCXH+q2g > > How the argon2 will be used in handler.yaml file for raop argon2 password?? That would be ... Operator Password: type: Password # The passwords can be generated with "openxpkiadm hashpwd" # or with "openssl passwd -5" # The password below is "openxpki" for all three users role: RA Operator user: raop: "$argon2id$v=19$m=32768,t=3,p=1$OTF5RTA5ZEt5cHM5Qmord1hRSktoQT09$fP5TeBuDgqimXDoCXH+q2g" ... > Furthermore what is the command switch to use SHA512, i am trying the > following one but it is not working > > openxpkiadm hashpwd -s sha512 > Unsupported scheme - supported values: sha|ssha|md5|smd5|crypt|argon2 Works for me: # openxpkiadm hashpwd Please type your password, end with return: Please re-type your password: Your hashed password is: {ssha256}Fx1qiNnzVWvgG1dwyk973l03lcHNhP7Ffi5Rgjmz2w8rT0Q2Y2lhUUxsL1hqVEtwSUpqektRPT0= # openxpkiadm hashpwd -s sha256 Please type your password, end with return: Please re-type your password: Your hashed password is: {sha256}iNQmb9TmM40TuEX88olXnSCciXgjuSF9o+Fhk28DFYk # openxpkiadm hashpwd -s sha512 Please type your password, end with return: Please re-type your password: Your hashed password is: {sha512}2AIvIGCtbv0perc9zFNVybIUBUsNF3ahNqZp0mp9OxT3OqDQ6/8Z7jMzaPAWS2QZqW2knj5IF1Pn6Wtxa9zLbw Regards Martin ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] Use SHA256 OR SHA512 for RAOP
> The SSHA of the raop1 is placed in > /etc/openxpki/config.d/realm.tpl/auth/handler.yaml as > > raop1: "{ssha}zsmRmCaV2+Mg2t49v5hk3znKOL1VbnRz" > > the openxpkiadm hashpwd of OpenXPKI gives the following output > > Your hashed password is: > $argon2id$v=19$m=32768,t=3,p=1$OTF5RTA5ZEt5cHM5Qmord1hRSktoQT09$fP5TeBuDgqimXDoCXH+q2g > > How the argon2 will be used in handler.yaml file for raop argon2 password?? That would be ... Operator Password: type: Password # The passwords can be generated with "openxpkiadm hashpwd" # or with "openssl passwd -5" # The password below is "openxpki" for all three users role: RA Operator user: raop: "$argon2id$v=19$m=32768,t=3,p=1$OTF5RTA5ZEt5cHM5Qmord1hRSktoQT09$fP5TeBuDgqimXDoCXH+q2g" ... > Furthermore what is the command switch to use SHA512, i am trying the > following one but it is not working > > openxpkiadm hashpwd -s sha512 > Unsupported scheme - supported values: sha|ssha|md5|smd5|crypt|argon2 Works for me: # openxpkiadm hashpwd Please type your password, end with return: Please re-type your password: Your hashed password is: {ssha256}Fx1qiNnzVWvgG1dwyk973l03lcHNhP7Ffi5Rgjmz2w8rT0Q2Y2lhUUxsL1hqVEtwSUpqektRPT0= # openxpkiadm hashpwd -s sha256 Please type your password, end with return: Please re-type your password: Your hashed password is: {sha256}iNQmb9TmM40TuEX88olXnSCciXgjuSF9o+Fhk28DFYk # openxpkiadm hashpwd -s sha512 Please type your password, end with return: Please re-type your password: Your hashed password is: {sha512}2AIvIGCtbv0perc9zFNVybIUBUsNF3ahNqZp0mp9OxT3OqDQ6/8Z7jMzaPAWS2QZqW2knj5IF1Pn6Wtxa9zLbw Regards Martin ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] Use SHA256 OR SHA512 for RAOP
Hi, The SSHA of the raop1 is placed in /etc/openxpki/config.d/realm.tpl/auth/handler.yaml as raop1: "{ssha}zsmRmCaV2+Mg2t49v5hk3znKOL1VbnRz" the openxpkiadm hashpwd of OpenXPKI gives the following output Your hashed password is:$argon2id$v=19$m=32768,t=3,p=1$OTF5RTA5ZEt5cHM5Qmord1hRSktoQT09$fP5TeBuDgqimXDoCXH+q2g How the argon2 will be used in handler.yaml file for raop argon2 password?? Furthermore what is the command switch to use SHA512, i am trying the following one but it is not working openxpkiadm hashpwd -s sha512Unsupported scheme - supported values: sha|ssha|md5|smd5|crypt|argon2 RegardsScott Thomas On Thursday, 8 July 2021, 02:18:17 am GMT+5, Martin Bartosch via OpenXPKI-users wrote: > OpenXPKI uses SSHA salted Sha 1 for raop password authentication via > openxpkiadm hashpwd. How can we configure to use a higher version of SHA > such as SHA256 OR SHA512? The OpenXPKI password authentication handler supports salted md5, sha1, sha224, sha256, sha384 and sha512, crypt and argon2. A hashed argon2 password can be generated e. g. via openxpkiadm hashpwd -s argon2 Most installations I know of delegate user authentication and authorization to a suitable authentication backend, e. g. an LDAP directory. Cheers Martin ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] Use SHA256 OR SHA512 for RAOP
> OpenXPKI uses SSHA salted Sha 1 for raop password authentication via > openxpkiadm hashpwd. How can we configure to use a higher version of SHA such > as SHA256 OR SHA512? The OpenXPKI password authentication handler supports salted md5, sha1, sha224, sha256, sha384 and sha512, crypt and argon2. A hashed argon2 password can be generated e. g. via openxpkiadm hashpwd -s argon2 Most installations I know of delegate user authentication and authorization to a suitable authentication backend, e. g. an LDAP directory. Cheers Martin ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
[OpenXPKI-users] Use SHA256 OR SHA512 for RAOP
Hi. OpenXPKI uses SSHA salted Sha 1 for raop password authentication via openxpkiadm hashpwd. How can we configure to use a higher version of SHA such as SHA256 OR SHA512? RegardsScott Thomas Sent from Yahoo Mail on Android___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users